Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2007:0533
HistoryJun 27, 2007 - 12:00 a.m.

(RHSA-2007:0533) Moderate: httpd security update

2007-06-2700:00:00
access.redhat.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.956 High

EPSS

Percentile

99.2%

JSON

The Apache HTTP Server is a popular Web server.

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)

A flaw was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

In addition, two bugs were fixed:

  • when the ProxyErrorOverride directive was enabled, responses with 3xx
    status-codes would be overriden at the proxy. This has been changed so that
    only 4xx and 5xx responses are overriden.

  • the “ProxyTimeout” directive was not inherited across virtual host
    definitions.

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.

Related

nessus 30
oraclelinux 5
centos 4
redhat 6
altlinux 9
openvas 55
ubuntu 1
fedora 5
securityvulns 3
suse 1
freebsd 1
httpd 5
cve 2
ubuntucve 2
veracode 2
debiancve 2
checkpoint_advisories 1
prion 1
gentoo 1
vmware 2
oracle 1
nessus
nessus
CentOS 4 : httpd (CESA-2007:0534)
2007-06-27 00:00:00
Oracle Linux 4 : httpd (ELSA-2007-0534)
2013-07-12 00:00:00
Scientific Linux Security Update : httpd on SL3.x i386/x86_64
2012-08-01 00:00:00
oraclelinux
oraclelinux
Moderate: httpd security update
2007-06-27 00:00:00
Moderate: httpd security update
2007-06-26 00:00:00
Moderate: httpd security update
2007-06-26 00:00:00
centos
centos
httpd, mod_ssl security update
2007-06-27 15:34:54
httpd, mod_ssl security update
2007-06-27 00:14:54
httpd, mod_ssl security update
2007-06-27 11:06:14
redhat
redhat
(RHSA-2007:0534) Moderate: httpd security update
2007-06-26 00:00:00
(RHSA-2007:0557) Moderate: httpd security update
2007-07-13 00:00:00
(RHSA-2007:0556) Moderate: httpd security update
2007-06-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.4-alt31
2007-07-05 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.4-alt30
2007-07-04 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.4-alt31
2007-07-05 00:00:00
openvas
openvas
Ubuntu Update for apache2 vulnerabilities USN-499-1
2009-03-23 00:00:00
Mandriva Update for apache MDKSA-2007:140 (apache)
2009-04-09 00:00:00
Mandriva Update for apache MDKSA-2007:140 (apache)
2009-04-09 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2007-08-17 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: httpd-2.2.2-1.3
2007-07-02 15:01:38
[SECURITY] Fedora Core 6 Update: httpd-2.2.4-2.1.fc6
2007-07-12 22:53:51
[SECURITY] Fedora 7 Update: httpd-2.2.4-4.1.fc7
2007-06-27 03:52:42
securityvulns
securityvulns
[Full-disclosure] rPSA-2007-0182-1 httpd mod_ssl
2007-09-14 00:00:00
About the security content of Security Update 2008-003 / Mac OS X 10.5.3
2008-05-30 00:00:00
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-08-12 00:00:00
suse
suse
remote denial of service in apache2
2007-11-19 15:20:20
freebsd
freebsd
apache -- multiple vulnerabilities
2007-09-07 00:00:00
httpd
httpd
Apache Httpd < 1.3.39 : mod_status cross-site scripting
2006-10-19 00:00:00
Apache Httpd < 2.2.6 : mod_status cross-site scripting
2006-10-19 00:00:00
Apache Httpd < 2.0.61 : mod_status cross-site scripting
2006-10-19 00:00:00
cve
cve
CVE-2006-5752
2007-06-27 17:30:00
CVE-2007-1863
2007-06-27 17:30:00
ubuntucve
ubuntucve
CVE-2006-5752
2007-06-27 00:00:00
CVE-2007-1863
2007-06-27 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:16:40
Denial Of Service (DoS)
2020-04-10 00:16:40
debiancve
debiancve
CVE-2006-5752
2007-06-27 17:30:00
CVE-2007-1863
2007-06-27 17:30:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_cache Module Denial of Service (CVE-2007-1863)
2008-01-24 00:00:00
prion
prion
Design/Logic Flaw
2007-06-27 17:30:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2007-11-07 00:00:00
vmware
vmware
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.956 High

EPSS

Percentile

99.2%

JSON
Related for RHSA-2007:0533
nessus30oraclelinux5centos4redhat6altlinux9openvas55ubuntu1fedora5securityvulns3suse1freebsd1httpd5cve2ubuntucve2veracode2debiancve2checkpoint_advisories1prion1gentoo1vmware2oracle1