CVE-2008-2364 - Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
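The missing control described in the summary is a cap on how many 1xx interim responses the proxy relays for one request. The following is an added example, not Apache httpd source and not code from this page: a proxy-style read loop in C that relays interim responses up to a limit and gives up on the upstream once the limit is reached. The cap value `MAX_INTERIM_RESPONSES`, all function names, and the in-memory upstream stream are assumptions constructed for the illustration; passing a negative cap reproduces the uncapped behaviour the summary describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INTERIM_RESPONSES 10   /* assumed policy value, not taken from the page */

enum relay_result {
    RELAY_OK = 0,                  /* a final (non-1xx) response was reached */
    RELAY_TOO_MANY_INTERIM = -1,   /* cap hit: a proxy would answer 502 here */
    RELAY_BAD_UPSTREAM = -2        /* malformed or truncated upstream data   */
};

struct relay_stats {
    int interim_forwarded;         /* 1xx responses relayed to the client   */
    int final_status;              /* first non-1xx status, 0 if none seen  */
};

/* Parse "HTTP/1.x NNN" at p and return NNN, or -1 if it is not a status line. */
static int parse_status(const char *p, size_t len)
{
    if (len < 12 || memcmp(p, "HTTP/1.", 7) != 0 || p[8] != ' ')
        return -1;
    int code = 0;
    for (int i = 9; i < 12; i++) {
        if (p[i] < '0' || p[i] > '9')
            return -1;
        code = code * 10 + (p[i] - '0');
    }
    return code;
}

/* Return a pointer just past the blank line ending the header block, or NULL. */
static const char *find_headers_end(const char *p, size_t len)
{
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(p + i, "\r\n\r\n", 4) == 0)
            return p + i + 4;
    return NULL;
}

/* Walk the upstream byte stream, relaying 1xx responses until a final response
 * arrives. max_interim < 0 disables the cap, so the upstream alone decides how
 * many times the loop runs. */
enum relay_result relay_response(const char *up, size_t len, int max_interim,
                                 struct relay_stats *st)
{
    const char *end = up + len;
    st->interim_forwarded = 0;
    st->final_status = 0;
    while (up < end) {
        size_t left = (size_t)(end - up);
        int status = parse_status(up, left);
        const char *next = find_headers_end(up, left);
        if (status < 100 || next == NULL)
            return RELAY_BAD_UPSTREAM;
        if (status >= 200) {
            st->final_status = status;
            return RELAY_OK;
        }
        /* 1xx interim response: relay it only while under the cap. */
        if (max_interim >= 0 && st->interim_forwarded >= max_interim)
            return RELAY_TOO_MANY_INTERIM;
        st->interim_forwarded++;
        up = next;
    }
    return RELAY_BAD_UPSTREAM;     /* stream ended without a final response */
}

/* Constructed sample input: n interim responses followed by one 200 response. */
char *build_upstream(int n_interim, size_t *out_len)
{
    static const char interim[] = "HTTP/1.1 100 Continue\r\n\r\n";
    static const char last[] = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n";
    size_t il = sizeof interim - 1, fl = sizeof last - 1;
    char *buf = malloc((size_t)n_interim * il + fl);
    if (buf == NULL)
        return NULL;
    for (int i = 0; i < n_interim; i++)
        memcpy(buf + (size_t)i * il, interim, il);
    memcpy(buf + (size_t)n_interim * il, last, fl);
    *out_len = (size_t)n_interim * il + fl;
    return buf;
}

int main(void)
{
    int counts[] = { 1, 5000 };
    for (int i = 0; i < 2; i++) {
        size_t len;
        struct relay_stats st;
        char *s = build_upstream(counts[i], &len);
        if (s == NULL)
            return 1;
        int rc = relay_response(s, len, MAX_INTERIM_RESPONSES, &st);
        printf("%d interim sent: rc=%d forwarded=%d final=%d\n",
               counts[i], rc, st.interim_forwarded, st.final_status);
        free(s);
    }
    return 0;
}
```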
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Locate and Exploit Test APIs: An attacker exploits a sample, demonstration, or test API that is insecure by default and should not be resident on production systems. Some applications include APIs that are intended to allow an administrator to test and refine their domain. These APIs should usually be disabled once a system enters a production environment. Testing APIs may expose a great deal of diagnostic information intended to aid an administrator, but which can also be used by an attacker to further refine their attack. Moreover, testing APIs may not have adequate security controls or may not have undergone rigorous testing since they were not intended for use in production environments. As such, they may have many flaws and vulnerabilities that would allow an attacker to severely disrupt a target.
- Flooding: An attacker consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow control in management of interactions. Since each request consumes some of the target's resources, if a sufficiently large number of requests must be processed at the same time then the target's resources can be exhausted. The degree to which the attack is successful depends upon the volume of requests in relation to the amount of the resource the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquire additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more resources the attacker may need to have at their disposal. A typical TCP/IP flooding attack is a Distributed Denial-of-Service attack where many machines simultaneously make a large number of requests to a target. Against a target with strong defenses and a large pool of resources, many tens of thousands of attacking machines may be required. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the attacker can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
- Excessive Allocation: An attacker causes the target to allocate excessive resources to servicing the attacker's request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request. For example, using an Integer Attack, the attacker could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
- XML Ping of the Death: An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
- XML Entity Expansion: An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
Nessus
NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-731-1.NASL
description:

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203)

It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)

It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678)

It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)

It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364)

It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36589
published: 2009-04-23
reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/36589
title: Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-731-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(36589);
  script_version("1.19");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2007-6203", "CVE-2007-6420", "CVE-2008-1678", "CVE-2008-2168", "CVE-2008-2364", "CVE-2008-2939");
  script_bugtraq_id(26663, 27236, 29653, 30560, 31692);
  script_xref(name:"USN", value:"731-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : apache2 vulnerabilities (USN-731-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203) It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420) It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678) It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168) It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364) It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/731-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79, 352, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-event");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-perchild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-mpm-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-prefork-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-threaded-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:apache2.2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libapr0-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.10|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.10 / 8.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"apache2", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-common", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-doc", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-perchild", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-prefork", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-mpm-worker", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-prefork-dev", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-threaded-dev", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"apache2-utils", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libapr0-dev", pkgver:"2.0.55-4ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-doc", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-event", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-perchild", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-prefork", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-mpm-worker", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-prefork-dev", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-src", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-threaded-dev", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2-utils", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"apache2.2-common", pkgver:"2.2.4-3ubuntu0.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-doc", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-event", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-perchild", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-prefork", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-mpm-worker", pkgver:"2.2.8-1ubuntu0.5")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-prefork-dev", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-src", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-threaded-dev", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2-utils", pkgver:"2.2.8-1ubuntu0.4")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"apache2.2-common", pkgver:"2.2.8-1ubuntu0.5")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2 / apache2-common / apache2-doc / apache2-mpm-event / etc");
}
```

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200807-06.NASL
description:

The remote host is affected by the vulnerability described in GLSA-200807-06 (Apache: Denial of Service)

Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678). Ryujiro Shibuya reported that the ap_proxy_http_process_response() function in the mod_proxy module does not limit the number of forwarded interim responses (CVE-2008-2364). sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).

Impact : A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially crafted URL, resulting in a Denial of Service of the Apache daemon.

Workaround : There is no known workaround at this time.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 33473
published: 2008-07-10
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/33473
title: GLSA-200807-06 : Apache: Denial of Service
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200807-06.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(33473);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2007-6420", "CVE-2008-1678", "CVE-2008-2364");
  script_xref(name:"GLSA", value:"200807-06");

  script_name(english:"GLSA-200807-06 : Apache: Denial of Service");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is affected by the vulnerability described in GLSA-200807-06 (Apache: Denial of Service) Multiple vulnerabilities have been discovered in Apache: Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678). Ryujiro Shibuya reported that the ap_proxy_http_process_response() function in the mod_proxy module does not limit the number of forwarded interim responses (CVE-2008-2364). sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420). Impact : A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially crafted URL, resulting in a Denial of Service of the Apache daemon. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200807-06"
  );
  script_set_attribute(
    attribute:"solution",
    value: "All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-servers/apache-2.2.9'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(352, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:apache");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-servers/apache", unaffected:make_list("ge 2.2.9"), vulnerable:make_list("lt 2.2.9"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Apache");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_APACHE2-6054.NASL
description: A DoS condition in apache2
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35920
published: 2009-03-13
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35920
title: openSUSE 10 Security Update : apache2 (apache2-6054)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update apache2-6054.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(35920);
  script_version ("1.10");
  script_cvs_date("Date: 2019/10/25 13:36:36");

  script_cve_id("CVE-2008-2364");

  script_name(english:"openSUSE 10 Security Update : apache2 (apache2-6054)");
  script_summary(english:"Check for the apache2-6054 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "A DoS condition in apache2's mod_proxy has been fixed. CVE-2008-2364 has been assigned to this issue."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected apache2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-example-pages");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-prefork");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-worker");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.3", reference:"apache2-2.2.4-70.8") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"apache2-devel-2.2.4-70.8") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"apache2-example-pages-2.2.4-70.8") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"apache2-prefork-2.2.4-70.8") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"apache2-utils-2.2.4-70.8") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"apache2-worker-2.2.4-70.8") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache2");
}
```

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-6314.NASL
description:

This update includes the latest release of httpd 2.2. A security issue is fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

last seen: 2020-06-01
modified: 2020-06-02
plugin id: 33839
published: 2008-08-08
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/33839
title: Fedora 8 : httpd-2.2.9-1.fc8 (2008-6314)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-6314.
#

include("compat.inc");

if (description)
{
  script_id(33839);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2008-2364");
  script_bugtraq_id(29653);
  script_xref(name:"FEDORA", value:"2008-6314");

  script_name(english:"Fedora 8 : httpd-2.2.9-1.fc8 (2008-6314)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update includes the latest release of httpd 2.2. A security issue is fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=451615"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-August/013402.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9b262ff6"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected httpd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:httpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/08/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/08/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"httpd-2.2.9-1.fc8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
}
```
NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2008-007.NASL
description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-007 applied. This security update contains fixes for the following products :
  - Apache
  - Certificates
  - ClamAV
  - ColorSync
  - CUPS
  - Finder
  - launchd
  - libxslt
  - MySQL Server
  - Networking
  - PHP
  - Postfix
  - PSNormalizer
  - QuickLook
  - rlogin
  - Script Editor
  - Single Sign-On
  - Tomcat
  - vim
  - Weblog
last seen 2020-06-01
modified 2020-06-02
plugin id 34374
published 2008-10-10
reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/34374
title Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
code
#
# (C) Tenable Network Security, Inc.
#

if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

if (description)
{
  script_id(34374);
  script_version("1.31");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  script_cve_id(
    "CVE-2007-2691", "CVE-2007-4850", "CVE-2007-5333", "CVE-2007-5342", "CVE-2007-5461",
    "CVE-2007-5969", "CVE-2007-6286", "CVE-2007-6420", "CVE-2008-0002", "CVE-2008-0226",
    "CVE-2008-0227", "CVE-2008-0674", "CVE-2008-1232", "CVE-2008-1389", "CVE-2008-1678",
    "CVE-2008-1767", "CVE-2008-1947", "CVE-2008-2079", "CVE-2008-2364", "CVE-2008-2370",
    "CVE-2008-2371", "CVE-2008-2712", "CVE-2008-2938", "CVE-2008-3294", "CVE-2008-3432",
    "CVE-2008-3641", "CVE-2008-3642", "CVE-2008-3643", "CVE-2008-3645", "CVE-2008-3646",
    "CVE-2008-3647", "CVE-2008-3912", "CVE-2008-3913", "CVE-2008-3914", "CVE-2008-4101",
    "CVE-2008-4211", "CVE-2008-4212", "CVE-2008-4214", "CVE-2008-4215"
  );
  script_bugtraq_id(
    24016, 26070, 26765, 27006, 27140, 27236, 27413, 27703, 27706, 27786,
    29106, 29312, 29502, 29653, 29715, 30087, 30279, 30494, 30496, 30633,
    30795, 30994, 31051, 31681, 31692, 31707, 31708, 31711, 31715, 31716,
    31718, 31719, 31720, 31721, 31722
  );

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-007)");
  script_summary(english:"Check for the presence of Security Update 2008-007");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes various
security issues." );
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Mac OS X 10.5 or 10.4 that
does not have the security update 2008-007 applied.

This security update contains fixes for the following products :

  - Apache
  - Certificates
  - ClamAV
  - ColorSync
  - CUPS
  - Finder
  - launchd
  - libxslt
  - MySQL Server
  - Networking
  - PHP
  - Postfix
  - PSNormalizer
  - QuickLook
  - rlogin
  - Script Editor
  - Single Sign-On
  - Tomcat
  - vim
  - Weblog" );
  script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3216" );
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" );
  script_set_attribute(attribute:"solution", value:
"Install Security Update 2008-007 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"d2_elliot_name", value:"Apache Tomcat File Disclosure");
  script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'MySQL yaSSL SSL Hello Message Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
  script_cwe_id(16, 20, 22, 79, 94, 119, 189, 200, 264, 352, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/10/10");
  script_set_attribute(attribute:"vuln_publication_date", value: "2007/10/15");
  script_set_attribute(attribute:"patch_publication_date", value: "2008/10/09");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");

  exit(0);
}

uname = get_kb_item("Host/uname");
if (!uname) exit(0);

if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages");
  if (!packages) exit(0);

  if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[78]|2009-|20[1-9][0-9]-)", string:packages))
    security_hole(0);
}
else if (egrep(pattern:"Darwin.* (9\.[0-5]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(0);

  if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.007\.bom", string:packages))
    security_hole(0);
}
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_C84DC9AD41F711DDA4F900163E000016.NASL
description Apache HTTP server project reports : The following potential security flaws are addressed :
  - CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya.
  - CVE-2007-6420: mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface
last seen 2020-06-01
modified 2020-06-02
plugin id 33242
published 2008-06-24
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/33242
title FreeBSD : apache -- multiple vulnerabilities (c84dc9ad-41f7-11dd-a4f9-00163e000016)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2008-195.NASL
description A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses (CVE-2008-2364). A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). The updated packages have been patched to prevent these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 37114
published 2009-04-23
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/37114
title Mandriva Linux Security Advisory : apache (MDVSA-2008:195)

NASL family Scientific Linux Local Security Checks
NASL id SL_20081111_HTTPD_ON_SL3_X.NASL
description A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the
last seen 2020-06-01
modified 2020-06-02
plugin id 60493
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/60493
title Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

NASL family SuSE Local Security Checks
NASL id SUSE_APACHE2-6035.NASL
description A DoS condition in apache2
last seen 2020-06-01
modified 2020-06-02
plugin id 41473
published 2009-09-24
reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/41473
title SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6035)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2008-0967.NASL
description From Red Hat Security Advisory 2008:0967 : Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the
last seen 2020-06-01
modified 2020-06-02
plugin id 67760
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67760
title Oracle Linux 3 / 4 / 5 : httpd (ELSA-2008-0967)

NASL family Web Servers
NASL id ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL
description According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied.
last seen 2020-06-01
modified 2020-06-02
plugin id 69301
published 2013-08-11
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/69301
title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2008-0967.NASL
description Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the
last seen 2020-06-01
modified 2020-06-02
plugin id 34751
published 2008-11-12
reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/34751
title RHEL 3 / 4 / 5 : httpd (RHSA-2008:0967)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2008-0967.NASL
description Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_proxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. (CVE-2008-2364) A flaw was found in the mod_proxy_ftp Apache module. If Apache was configured to support FTP-over-HTTP proxying, a remote attacker could have performed a cross-site scripting attack. (CVE-2008-2939) In addition, these updated packages fix a bug found in the handling of the
last seen 2020-06-01
modified 2020-06-02
plugin id 37062
published 2009-04-23
reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/37062
title CentOS 3 / 4 / 5 : httpd (CESA-2008:0967)

NASL family Fedora Local Security Checks
NASL id FEDORA_2008-6393.NASL
description This update includes the latest release of httpd 2.2. Two security issues are fixed in this update: A flaw was found in the handling of excessive interim responses from an origin server when using mod_proxy_http. In a forward proxy configuration, if a user of the proxy could be tricked into visiting a malicious web server, the proxy could be forced into consuming a large amount of stack or heap memory. This could lead to an eventual process crash due to stack space exhaustion. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. A remote attacker enabling compression in an SSL handshake could cause a memory leak in the server, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 33840
published 2008-08-08
reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/33840
title Fedora 9 : httpd-2.2.9-1.fc9 (2008-6393)

NASL family Web Servers
NASL id APACHE_2_0_64.NASL
description According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.64. It is, therefore, affected by the following vulnerabilities :
  - An unspecified error exists in the handling of requests without a path segment. (CVE-2010-1452)
  - Several modules, including
last seen 2020-06-01
modified 2020-06-02
plugin id 50069
published 2010-10-20
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/50069
title Apache 2.0.x < 2.0.64 Multiple Vulnerabilities

NASL family Web Servers
NASL id APACHE_2_2_9.NASL
description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.9. It is, therefore, affected by multiple vulnerabilities :
  - Improper handling of excessive forwarded interim responses may cause denial of service conditions in mod_proxy_http. (CVE-2008-2364)
  - A cross-site request forgery vulnerability in the balancer-manager interface of mod_proxy_balancer. (CVE-2007-6420)
  Note that the remote web server may not actually be affected by these vulnerabilities. Nessus did not try to determine whether the affected modules are in use or to check for the issues themselves.
last seen 2020-06-01
modified 2020-06-02
plugin id 33477
published 2008-07-11
reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/33477
title Apache 2.2.x < 2.2.9 Multiple Vulnerabilities (DoS, XSS)
Oval
accepted 2014-07-14T04:00:10.541-04:00
class vulnerability
contributors
  name J. Daniel Brown organization DTCC
  name Shane Shaffer organization G2, Inc.
  name Maria Mikhno organization ALTX-SOFT
definition_extensions
  comment Apache HTTP Server 2.0.x is installed on the system oval oval:org.mitre.oval:def:8605
  comment Apache HTTP Server 2.2.x is installed on the system oval oval:org.mitre.oval:def:8550
description The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
family windows
id oval:org.mitre.oval:def:11713
status accepted
submitted 2010-07-27T17:30:00.000-05:00
title Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
version 11

accepted 2015-04-20T04:02:29.943-04:00
class vulnerability
contributors
  name Michael Wood organization Hewlett-Packard
  name Sushant Kumar Singh organization Hewlett-Packard
  name Sushant Kumar Singh organization Hewlett-Packard
  name Prashant Kumar organization Hewlett-Packard
  name Mike Cokus organization The MITRE Corporation
description The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
family unix
id oval:org.mitre.oval:def:6084
status accepted
submitted 2008-08-28T13:04:06.000-04:00
title HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
version 46

accepted 2013-04-29T04:20:24.353-04:00
class vulnerability
contributors
  name Aharon Chernin organization SCAP.com, LLC
  name Dragos Prisaca organization G2, Inc.
definition_extensions
  comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782
  comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
  comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831
  comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636
  comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
  comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414
  comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802
  comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
family unix
id oval:org.mitre.oval:def:9577
status accepted
submitted 2010-07-09T03:56:16-04:00
title The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
version 27
Seebug
bulletinFamily | exploit |
description | CVE: CVE-2008-2364 The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses. Attackers may exploit this issue to cause denial-of-service conditions. Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 11 x64 Turbolinux Turbolinux Server 11 Turbolinux Turbolinux Server 10.0.0 x64 TurboLinux Personal TurboLinux Multimedia Turbolinux FUJI 0 Turbolinux Appliance Server 2.0 Sun Solaris 10_x86 Sun Solaris 10_sparc S.u.S.E. SUSE Linux Enterprise Server 10 rPath rPath Linux 2 rPath rPath Linux 1 rPath Appliance Platform Linux Service 2 rPath Appliance Platform Linux Service 1 RedHat Fedora 8 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Application Stack v2 0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Linux Mandrake 2008.1 x86_64 MandrakeSoft Linux Mandrake 2008.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IBM OS/400 V5R4 IBM i5/OS 0 IBM HTTP Server 6.1 .17 IBM HTTP Server 6.1 .15 IBM HTTP Server 2.0.47 .1 IBM HTTP Server 2.0.47 IBM HTTP Server 6.1.0.13 IBM HTTP Server 6.1.0.1 IBM HTTP Server 6.1.0 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo Linux Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apache Software Foundation Apache 2.2.8 Apache Software Foundation Apache 2.0.63
55-4ubuntu2.4_i386.deb * Ubuntu apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perc hild_2.0.55-4ubuntu2.4_i386.deb * Ubuntu apache2_2.0.55-4ubuntu2.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4 ubuntu2.4_i386.deb * Ubuntu apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-work er_2.0.55-4ubuntu2.4_i386.deb * Ubuntu apache2-utils_2.0.55-4ubuntu2.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2. 0.55-4ubuntu2.4_i386.deb Ubuntu Ubuntu Linux 7.10 lpia * Ubuntu apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perc hild_2.2.4-3ubuntu0.2_all.deb * Ubuntu apache2-utils_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubunt u0.2_lpia.deb * Ubuntu apache2-doc_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2. 
4-3ubuntu0.2_all.deb * Ubuntu apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3 ubuntu0.2_lpia.deb * Ubuntu apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4 -3ubuntu0.2_lpia.deb * Ubuntu apache2_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3u buntu0.2_all.deb * Ubuntu apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4- 3ubuntu0.2_lpia.deb * Ubuntu apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ub untu0.2_lpia.deb * Ubuntu apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4- 3ubuntu0.2_lpia.deb * Ubuntu apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3u buntu0.2_lpia.deb * Ubuntu apache2-src_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2. 4-3ubuntu0.2_all.deb Ubuntu Ubuntu Linux 7.10 i386 * Ubuntu apache2-utils_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2. 2.4-3ubuntu0.2_i386.deb * Ubuntu apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perc hild_2.2.4-3ubuntu0.2_all.deb * Ubuntu apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-work er_2.2.4-3ubuntu0.2_i386.deb * Ubuntu apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded -dev_2.2.4-3ubuntu0.2_i386.deb * Ubuntu apache2-src_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2. 
4-3ubuntu0.2_all.deb * Ubuntu apache2_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3u buntu0.2_all.deb * Ubuntu apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork- dev_2.2.4-3ubuntu0.2_i386.deb * Ubuntu apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-pref ork_2.2.4-3ubuntu0.2_i386.deb * Ubuntu apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-even t_2.2.4-3ubuntu0.2_i386.deb * Ubuntu apache2-doc_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2. 4-3ubuntu0.2_all.deb * Ubuntu apache2.2-common_2.2.4-3ubuntu0.2_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common _2.2.4-3ubuntu0.2_i386.deb HP HP-UX B.11.11 * HP HPUXWSATW-B302-64.depot http://software.hp.com * HP HPUXWSATW-B222-1111.depot PA-32 http://software.hp.com Ubuntu Ubuntu Linux 6.06 LTS amd64 * Ubuntu apache2-doc_2.0.55-4ubuntu2.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0. 55-4ubuntu2.4_all.deb * Ubuntu apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perc hild_2.0.55-4ubuntu2.4_amd64.deb * Ubuntu apache2_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4 ubuntu2.4_amd64.deb * Ubuntu apache2-common_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2 .0.55-4ubuntu2.4_amd64.deb * Ubuntu apache2-utils_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2. 0.55-4ubuntu2.4_amd64.deb * Ubuntu libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0. 
55-4ubuntu2.4_amd64.deb * Ubuntu apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-work er_2.0.55-4ubuntu2.4_amd64.deb * Ubuntu apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-pref ork_2.0.55-4ubuntu2.4_amd64.deb * Ubuntu apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork- dev_2.0.55-4ubuntu2.4_amd64.deb * Ubuntu libapr0_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4 ubuntu2.4_amd64.deb * Ubuntu apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded -dev_2.0.55-4ubuntu2.4_amd64.deb Ubuntu Ubuntu Linux 7.10 amd64 * Ubuntu apache2-utils_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2. 2.4-3ubuntu0.2_amd64.deb * Ubuntu apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perc hild_2.2.4-3ubuntu0.2_all.deb * Ubuntu apache2_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3u buntu0.2_all.deb * Ubuntu apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-pref ork_2.2.4-3ubuntu0.2_amd64.deb * Ubuntu apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-work er_2.2.4-3ubuntu0.2_amd64.deb * Ubuntu apache2-doc_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2. 4-3ubuntu0.2_all.deb * Ubuntu apache2-src_2.2.4-3ubuntu0.2_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2. 
4-3ubuntu0.2_all.deb * Ubuntu apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common _2.2.4-3ubuntu0.2_amd64.deb * Ubuntu apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-even t_2.2.4-3ubuntu0.2_amd64.deb * Ubuntu apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork- dev_2.2.4-3ubuntu0.2_amd64.deb * Ubuntu apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded -dev_2.2.4-3ubuntu0.2_amd64.deb Ubuntu Ubuntu Linux 8.04 LTS i386 * Ubuntu apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded -dev_2.2.8-1ubuntu0.4_i386.deb * Ubuntu apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-even t_2.2.8-1ubuntu0.4_i386.deb * Ubuntu apache2-utils_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2. 2.8-1ubuntu0.4_i386.deb * Ubuntu apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perc hild_2.2.8-1ubuntu0.4_all.deb * Ubuntu apache2-doc_2.2.8-1ubuntu0.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2. 
8-1ubuntu0.4_all.deb * Ubuntu apache2.2-common_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common _2.2.8-1ubuntu0.4_i386.deb * Ubuntu apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-pref ork_2.2.8-1ubuntu0.4_i386.deb * Ubuntu apache2_2.2.8-1ubuntu0.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1u buntu0.4_all.deb * Ubuntu apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-work er_2.2.8-1ubuntu0.4_i386.deb * Ubuntu apache2-src_2.2.8-1ubuntu0.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2. 8-1ubuntu0.4_all.deb * Ubuntu apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork- dev_2.2.8-1ubuntu0.4_i386.deb HP HP-UX B.11.31 * HP HPUXWSATW-B222-1131-32.depot IA-32 http://software.hp.com * HP HPUXWSATW-B302-32.depot IA-64 http://software.hp.com * HP HPUXWSATW-B222-1131-64.depot IA-64 http://software.hp.com Apple Mac OS X Server 10.5.5 * Apple SecUpdSrvr2008-007.dmg http://www.apple.com/support/downloads/securityupdate2008007serverleop ard.html Apple Mac OS X 10.5.5 * Apple SecUpd2008-007.dmg http://www.apple.com/support/downloads/securityupdate2008007clientleop ard.html MandrakeSoft Multi Network Firewall 2.0 * Mandriva apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva 
libapr0-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-modules-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-devel-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-common-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-source-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-manual-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ Apache Software Foundation Apache 2.0.63 * Apache Software Foundation httpd-2.2.9-win32-src.zip http://apache.sunsite.ualberta.ca/httpd/httpd-2.2.9-win32-src.zip * Apache Software Foundation httpd-2.2.9.tar.gz http://apache.sunsite.ualberta.ca/httpd/httpd-2.2.9.tar.gz Apache Software Foundation Apache 2.2.8 * Apache Software Foundation httpd-2.2.9.tar.gz http://apache.sunsite.ualberta.ca/httpd/httpd-2.2.9.tar.gz * Apache Software Foundation httpd-2.2.9-win32-src.zip http://apache.sunsite.ualberta.ca/httpd/httpd-2.2.9-win32-src.zip MandrakeSoft Corporate Server 3.0 * Mandriva apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-common-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-manual-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm 
http://www.mandriva.com/en/download/ * Mandriva apache2-devel-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-source-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-modules-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva libapr0-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm http://www.mandriva.com/en/download/ MandrakeSoft Corporate Server 3.0 x86_64 * Mandriva apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm 
http://www.mandriva.com/en/download/ * Mandriva apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ * Mandriva apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm http://www.mandriva.com/en/download/ |
id | SSV:19592 |
last seen | 2017-11-19 |
modified | 2010-05-12 |
published | 2010-05-12 |
reporter | Root |
title | Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability |
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 2.2.9. http://httpd.apache.org/security/vulnerabilities_22.html |

contributor | Mark J Cox |
lastmodified | 2008-06-26 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
References
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154
- http://www.securityfocus.com/bid/29653
- http://secunia.com/advisories/30621
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00153.html
- http://secunia.com/advisories/31416
- http://secunia.com/advisories/31404
- http://secunia.com/advisories/31026
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00055.html
- http://security.gentoo.org/glsa/glsa-200807-06.xml
- http://www.securitytracker.com/id?1020267
- http://secunia.com/advisories/31651
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
- http://www-01.ibm.com/support/docview.wss?uid=swg27008517
- http://secunia.com/advisories/31904
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:195
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK67579
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://www.securityfocus.com/bid/31681
- http://support.apple.com/kb/HT3216
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/32685
- http://rhn.redhat.com/errata/RHSA-2008-0967.html
- http://www.redhat.com/support/errata/RHSA-2008-0966.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:237
- http://marc.info/?l=bugtraq&m=123376588623823&w=2
- http://secunia.com/advisories/33156
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1
- http://secunia.com/advisories/33797
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
- http://secunia.com/advisories/32838
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
- http://www.ubuntu.com/usn/USN-731-1
- http://secunia.com/advisories/34259
- http://secunia.com/advisories/34219
- http://secunia.com/advisories/34418
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html
- http://marc.info/?l=bugtraq&m=125631037611762&w=2
- http://www.vupen.com/english/advisories/2008/2780
- http://www.vupen.com/english/advisories/2009/0320
- http://www.vupen.com/english/advisories/2008/1798
- http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42987
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9577
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6084
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11713
- http://www.securityfocus.com/archive/1/498567/100/0/threaded
- http://www.securityfocus.com/archive/1/494858/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E