Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200711-06
HistoryNov 07, 2007 - 12:00 a.m.

Apache: Multiple vulnerabilities

2007-11-0700:00:00
Gentoo Foundation
security.gentoo.org
16

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.877 High

EPSS

Percentile

98.6%

JSON

Background

The Apache HTTP server is one of the most popular web servers on the Internet.

Description

Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).

Impact

A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/apache<Β 2.2.6UNKNOWN

Related

nessus 43
openvas 55
fedora 6
altlinux 16
suse 1
oraclelinux 7
securityvulns 7
freebsd 1
centos 7
redhat 10
ubuntu 2
vmware 2
cve 6
httpd 11
ubuntucve 6
veracode 5
debiancve 6
prion 5
redhatcve 1
seebug 1
checkpoint_advisories 1
nessus
nessus
GLSA-200711-06 : Apache: Multiple vulnerabilities
2007-11-08 00:00:00
Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)
2007-11-06 00:00:00
SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
2007-12-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200711-06 (apache)
2008-09-24 00:00:00
Fedora Update for httpd FEDORA-2007-2214
2009-02-27 00:00:00
Fedora Update for httpd FEDORA-2007-2214
2009-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: httpd-2.2.6-1.fc7
2007-09-19 02:53:28
[SECURITY] Fedora Core 6 Update: httpd-2.2.4-2.1.fc6
2007-07-12 22:53:51
[SECURITY] Fedora 7 Update: httpd-2.2.4-4.1.fc7
2007-06-27 03:52:42
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.5-alt1
2007-08-18 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.5-alt1
2007-08-18 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.5-alt1
2007-08-18 00:00:00
suse
suse
remote denial of service in apache2
2007-11-19 15:20:20
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2007-11-19 00:00:00
httpd security, bug fix, and enhancement update
2007-11-27 00:00:00
Moderate: httpd security update
2007-06-26 00:00:00
securityvulns
securityvulns
[Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl
2007-09-14 00:00:00
Apache crossite scripting
2007-09-13 00:00:00
Apache mod_mem_cache information leak
2007-06-20 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2007-09-07 00:00:00
centos
centos
httpd, mod_ssl security update
2007-06-27 11:06:14
apache security update
2007-06-26 23:35:19
httpd, mod_ssl security update
2007-06-27 15:34:54
redhat
redhat
(RHSA-2007:0557) Moderate: httpd security update
2007-07-13 00:00:00
(RHSA-2007:0556) Moderate: httpd security update
2007-06-26 00:00:00
(RHSA-2007:0533) Moderate: httpd security update
2007-06-27 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2007-08-17 00:00:00
Apache vulnerabilities
2008-02-04 00:00:00
vmware
vmware
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
cve
cve
CVE-2006-5752
2007-06-27 17:30:00
CVE-2007-3304
2007-06-20 22:30:00
CVE-2007-4465
2007-09-14 00:17:00
httpd
httpd
Apache Httpd < 2.0.61 : mod_status cross-site scripting
2006-10-19 00:00:00
Apache Httpd < 1.3.39 : mod_status cross-site scripting
2006-10-19 00:00:00
Apache Httpd < 2.2.6 : mod_status cross-site scripting
2006-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2006-5752
2007-06-27 00:00:00
CVE-2007-1862
2007-06-04 00:00:00
CVE-2007-3304
2007-06-20 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:16:40
Denial Of Service (DoS)
2020-04-10 00:16:41
Cross-Site Scripting (XSS)
2020-04-10 00:18:54
debiancve
debiancve
CVE-2006-5752
2007-06-27 17:30:00
CVE-2007-4465
2007-09-14 00:17:00
CVE-2007-3304
2007-06-20 22:30:00
prion
prion
Code injection
2007-06-20 22:30:00
Cross site scripting
2007-09-14 00:17:00
Information disclosure
2007-06-04 23:30:00
redhatcve
redhatcve
CVE-2007-1862
2015-10-30 09:29:13
seebug
seebug
Apache HTTP Server WorkerθΏ›η¨‹ε€šδΈͺζœ¬εœ°ζ‹’η»ζœεŠ‘ζΌζ΄ž
2007-08-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_cache Module Denial of Service (CVE-2007-1863)
2008-01-24 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.877 High

EPSS

Percentile

98.6%

JSON
Related for GLSA-200711-06
nessus43openvas55fedora6altlinux16suse1oraclelinux7securityvulns7freebsd1centos7redhat10ubuntu2vmware2cve6httpd11ubuntucve6veracode5debiancve6prion5redhatcve1seebug1checkpoint_advisories1