Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0967
HistoryNov 11, 2008 - 8:45 p.m.

httpd, mod_ssl security update

2008-11-1120:45:50
CentOS Project
lists.centos.org
43

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.054 Low

EPSS

Percentile

93.0%

JSON

CentOS Errata and Security Advisory CESA-2008:0967

The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_proxy Apache module. An attacker in control of
a Web server to which requests were being proxied could have caused a
limited denial of service due to CPU consumption and stack exhaustion.
(CVE-2008-2364)

A flaw was found in the mod_proxy_ftp Apache module. If Apache was
configured to support FTP-over-HTTP proxying, a remote attacker could have
performed a cross-site scripting attack. (CVE-2008-2939)

In addition, these updated packages fix a bug found in the handling of the
โ€œProxyRemoteMatchโ€ directive in the Red Hat Enterprise Linux 4 httpd
packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red
Hat Enterprise Linux 5 packages.

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-November/077551.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077552.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077555.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077556.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077566.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077567.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077572.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077573.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077580.html
https://lists.centos.org/pipermail/centos-announce/2008-November/077582.html
https://lists.centos.org/pipermail/centos-announce/2008-November/090310.html
https://lists.centos.org/pipermail/centos-announce/2008-November/090311.html
https://lists.centos.org/pipermail/centos-announce/2008-November/090314.html
https://lists.centos.org/pipermail/centos-announce/2008-November/090315.html

Affected packages:
httpd
httpd-devel
httpd-manual
httpd-suexec
mod_ssl

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0967

OSVersionArchitecturePackageVersionFilename
CentOS5i386httpd<ย 2.2.3-11.el5.centos.4httpd-2.2.3-11.el5.centos.4.i386.rpm
CentOS5i386httpd-devel<ย 2.2.3-11.el5.centos.4httpd-devel-2.2.3-11.el5.centos.4.i386.rpm
CentOS5i386httpd-manual<ย 2.2.3-11.el5.centos.4httpd-manual-2.2.3-11.el5.centos.4.i386.rpm
CentOS5i386mod_ssl<ย 2.2.3-11.el5.centos.4mod_ssl-2.2.3-11.el5.centos.4.i386.rpm
CentOS5x86_64httpd<ย 2.2.3-11.el5.centos.4httpd-2.2.3-11.el5.centos.4.x86_64.rpm
CentOS5i386httpd-devel<ย 2.2.3-11.el5.centos.4httpd-devel-2.2.3-11.el5.centos.4.i386.rpm
CentOS5x86_64httpd-devel<ย 2.2.3-11.el5.centos.4httpd-devel-2.2.3-11.el5.centos.4.x86_64.rpm
CentOS5x86_64httpd-manual<ย 2.2.3-11.el5.centos.4httpd-manual-2.2.3-11.el5.centos.4.x86_64.rpm
CentOS5x86_64mod_ssl<ย 2.2.3-11.el5.centos.4mod_ssl-2.2.3-11.el5.centos.4.x86_64.rpm
CentOS3i386httpd<ย 2.0.46-71.enthttpd-2.0.46-71.ent.i386.rpm
Rows per page:
1-10 of 641

Related

oraclelinux 1
nessus 30
openvas 60
redhat 2
httpd 4
cert 1
checkpoint_advisories 4
debiancve 2
cve 2
freebsd 2
veracode 2
ubuntucve 2
seebug 3
prion 2
securityvulns 7
fedora 2
ubuntu 1
altlinux 6
packetstorm 1
gentoo 1
kaspersky 1
oracle 1
oraclelinux
oraclelinux
httpd security and bug fix update
2008-11-11 00:00:00
nessus
nessus
RHEL 3 / 4 / 5 : httpd (RHSA-2008:0967)
2008-11-12 00:00:00
CentOS 3 / 4 / 5 : httpd (CESA-2008:0967)
2009-04-23 00:00:00
Oracle Linux 3 / 4 / 5 : httpd (ELSA-2008-0967)
2013-07-12 00:00:00
openvas
openvas
CentOS Update for httpd CESA-2008:0967 centos3 i386
2009-02-27 00:00:00
CentOS Update for httpd CESA-2008:0967 centos3 x86_64
2009-02-27 00:00:00
RedHat Update for httpd RHSA-2008:0967-01
2009-03-06 00:00:00
redhat
redhat
(RHSA-2008:0967) Moderate: httpd security and bug fix update
2008-11-11 00:00:00
(RHSA-2008:0966) Moderate: Red Hat Application Stack v2.2 security and enhancement update
2008-12-04 00:00:00
httpd
httpd
Apache Httpd < 2.2.10 : mod_proxy_ftp globbing XSS
2008-07-28 00:00:00
Apache Httpd < 2.0.64 : mod_proxy_ftp globbing XSS
2008-07-28 00:00:00
Apache Httpd < 2.2.9 : mod_proxy_http DoS
2008-05-29 00:00:00
cert
cert
Apache mod_proxy_ftp XSS vulnerability
2008-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Update protection against Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross Site Scripting
2008-09-19 00:00:00
Update Protection against Apache mod_proxy_ftp XSS Vulnerability
2008-09-19 00:00:00
Apache Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting (CVE-2008-2939)
2009-09-30 00:00:00
debiancve
debiancve
CVE-2008-2939
2008-08-06 18:41:00
CVE-2008-2364
2008-06-13 18:41:00
cve
cve
CVE-2008-2939
2008-08-06 18:41:00
CVE-2008-2364
2008-06-13 18:41:00
freebsd
freebsd
apache -- Cross-site scripting vulnerability
2008-07-25 00:00:00
apache -- multiple vulnerabilities
2008-06-14 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:29:44
Denial Of Service (DoS)
2020-04-10 00:29:44
ubuntucve
ubuntucve
CVE-2008-2939
2008-08-06 00:00:00
CVE-2008-2364
2008-06-13 00:00:00
seebug
seebug
Apache mod_proxy_ftpๆจกๅ—้€š้…็ฌฆๅญ—็ฌฆ่ทจ็ซ™่„šๆœฌๆผๆดž
2008-08-08 00:00:00
IBM HTTP Server mod_proxy_ftp ่ทจ็ซ™่„šๆœฌๆผๆดž
2009-02-16 00:00:00
Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
2010-05-12 00:00:00
prion
prion
Design/Logic Flaw
2008-06-13 18:41:00
Cross site scripting
2008-08-06 18:41:00
securityvulns
securityvulns
Apache mod_proxy_ftp crossite scripting
2008-08-07 00:00:00
Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting
2008-08-07 00:00:00
Apache multiple DoS conditions
2008-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: httpd-2.2.9-1.fc8
2008-08-07 23:57:20
[SECURITY] Fedora 9 Update: httpd-2.2.9-1.fc9
2008-08-07 23:48:09
ubuntu
ubuntu
Apache vulnerabilities
2009-03-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.9-alt1
2008-07-08 00:00:00
packetstorm
packetstorm
ProtonMail.ch Header Injection / CSRF
2014-05-30 00:00:00
gentoo
gentoo
Apache: Denial of service
2008-07-09 00:00:00
kaspersky
kaspersky
KLA10066 Multiple vulnerabilities in Apache httpd
2010-10-19 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.054 Low

EPSS

Percentile

93.0%

JSON
Related for CESA-2008:0967
oraclelinux1nessus30openvas60redhat2httpd4cert1checkpoint_advisories4debiancve2cve2freebsd2veracode2ubuntucve2seebug3prion2securityvulns7fedora2ubuntu1altlinux6packetstorm1gentoo1kaspersky1oracle1