Latest Plugins
RHSA-2009-1148: httpd
Synopsis :
The remote host is missing the patch for the advisory RHSA-2009-1148
Description :
Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A denial of service flaw was found in the Apache mod_proxy module when it
was used as a reverse proxy. A remote attacker could use this flaw to force
a proxy process to consume large amounts of CPU time. (CVE-2009-1890)
A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed before
compression completed. This would cause mod_deflate to consume large
amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)
All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
See also :
http://rhn.redhat.com/errata/RHSA-2009-1148.html
Solution :
Get the newest Red Hat Updates.
Risk factor :
High
MDVSA-2009:149: apache
Synopsis :
The remote host is missing the patch for the advisory MDVSA-2009:149 (apache).
Description :
Multiple vulnerabilities have been found and corrected in apache:
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy
module in the Apache HTTP Server before 2.3.3, when a reverse proxy
is configured, does not properly handle an amount of streamed data
that exceeds the Content-Length value, which allows remote attackers
to cause a denial of service (CPU consumption) via crafted requests
(CVE-2009-1890).
Fix a potential Denial-of-Service attack against mod_deflate or other
modules, by forcing the server to consume CPU time in compressing a
large file after a client disconnects (CVE-2009-1891).
This update provides fixes for these vulnerabilities.
See also :
http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:149
Solution :
Apply the newest security patches from Mandriva.
Risk factor :
High
Mac OS X : Safari < 4.0.2
Synopsis :
The remote host contains a web browser that is affected by several
vulnerabilities.
Description :
The version of Safari installed on the remote Mac OS X host is earlier
than 4.0.2. Such versions are potentially affected by two issues :
- A vulnerability in WebKit's handling of parent and top
objects may allow for cross-site scripting attacks.
(CVE-2009-1724)
- A memory corruption issue in WebKit's handling of
numeric character references could lead to a crash or
arbitrary code execution. (CVE-2009-1725)
See also :
http://support.apple.com/kb/HT3666
http://lists.apple.com/archives/security-announce/2009/jul/msg00000.html
http://www.securityfocus.com/advisories/17297
Solution :
Upgrade to Safari 4.0.2 or later.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Safari < 4.0.2
Synopsis :
The remote host contains a web browser that is affected by several
vulnerabilities.
Description :
The version of Safari installed on the remote Mac OS X host is earlier
than 4.0.2. Such versions are potentially affected by two issues :
- A vulnerability in WebKit's handling of parent and top
objects may allow for cross-site scripting attacks.
(CVE-2009-1724)
- A memory corruption issue in WebKit's handling of
numeric character references could lead to a crash or
arbitrary code execution. (CVE-2009-1725)
See also :
http://support.apple.com/kb/HT3666
http://lists.apple.com/archives/security-announce/2009/jul/msg00000.html
http://www.securityfocus.com/advisories/17297
Solution :
Upgrade to Safari 4.0.2 or later.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Mac OS X : Java for Mac OS X 10.4 Release 9
Synopsis :
The remote host has a version of Java that is affected by multiple
vulnerabilities.
Description :
The remote Mac OS X 10.4 host is running a version of Java for Mac OS
X older than release 9.
The remote version of this software contains several security
vulnerabilities. A remote attacker could exploit these issues to
bypass security restrictions, disclose sensitive information, cause a
denial of service, or escalate privileges.
See also :
http://support.apple.com/kb/HT3633
http://lists.apple.com/archives/Security-announce/2009/Jun//msg00004.html
Solution :
Upgrade to Java for Mac OS X 10.4 release 9.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Solaris 10 (x86) : 141779-02
Synopsis :
The remote host is missing Sun Security Patch number 141779-02
Description :
SunOS 5.10_x86: lp patch.
Date this patch was last updated by Sun : Jun/15/09
See also :
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141779-02-1
Solution :
You should install this patch for your system to be up-to-date.
Risk factor :
Medium
Solaris 10 (x86) : 141734-02
Synopsis :
The remote host is missing Sun Security Patch number 141734-02
Description :
SunOS 5.10_x86: klmmod patch.
Date this patch was last updated by Sun : Jul/07/09
See also :
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141734-02-1
Solution :
You should install this patch for your system to be up-to-date.
Risk factor :
High
Solaris 10 (sparc) : 141910-01
Synopsis :
The remote host is missing Sun Security Patch number 141910-01
Description :
SunOS 5.10: ntpq patch.
Date this patch was last updated by Sun : Jul/07/09
See also :
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141910-01-1
Solution :
You should install this patch for your system to be up-to-date.
Risk factor :
Medium
Solaris 10 (sparc) : 141733-02
Synopsis :
The remote host is missing Sun Security Patch number 141733-02
Description :
SunOS 5.10: klmmod patch.
Date this patch was last updated by Sun : Jul/07/09
See also :
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141733-02-1
Solution :
You should install this patch for your system to be up-to-date.
Risk factor :
High
MDVSA-2009:124-1: apache
Synopsis :
The remote host is missing the patch for the advisory MDVSA-2009:124-1 (apache).
Description :
Multiple vulnerabilities have been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
that this security issue does not really apply as zlib compression
is not enabled in the openssl build provided by Mandriva, but apache
is patched to address this issue anyway (concerns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
allows remote attackers to inject arbitrary web script or HTML via
wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this
security issue was initially addressed with MDVSA-2008:195 but the
patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not
properly handle Options=IncludesNOEXEC in the AllowOverride directive,
which allows local users to gain privileges by configuring (1) Options
Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a
.htaccess file, and then inserting an exec element in a .shtml file
(CVE-2009-1195).
This update provides fixes for these vulnerabilities.
Update:
The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was
incomplete; this update addresses the problem.
See also :
http://wwwnew.mandriva.com/security/advisories?name=MDVSA-2009:124-1
Solution :
Apply the newest security patches from Mandriva.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
AIX 530009 : U826314
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826314 which is related
to the security of the package devices.pciex.df1000f1df1024f1.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530009 : U826313
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826313 which is related
to the security of the package devices.pciex.7710322577107601.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530009 : U826312
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826312 which is related
to the security of the package devices.pciex.7710322577106501.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530009 : U826311
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826311 which is related
to the security of the package devices.pci.1410c302.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530009 : U826310
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826310 which is related
to the security of the package devices.pci.1410a803.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530008 : U826309
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826309 which is related
to the security of the package devices.pciex.7710322577107601.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530008 : U826308
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826308 which is related
to the security of the package devices.pciex.7710322577106501.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530008 : U826307
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826307 which is related
to the security of the package devices.pci.1410c302.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530008 : U826306
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826306 which is related
to the security of the package devices.pci.1410a803.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High
AIX 530007 : U826305
Synopsis :
The remote host is missing a vendor supplied security patch
Description :
The remote host is missing AIX PTF U826305 which is related
to the security of the package devices.pciex.7710322577107601.rte
You should install this PTF for your system to be up-to-date.
Solution :
Run 'suma -x -a RqType=Security' on the remote system
Risk factor :
High

