rhsa-2006_0692
Vulnerability from csaf_redhat
Published
2006-09-29 15:47
Modified
2024-11-14 10:04
Summary
Red Hat Security Advisory: apache security update for Stronghold

Notes

Topic
An updated version of Apache that addresses several security issues is now available for Stronghold 4.0 for Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team.
Details
The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918) While a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers. If users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible. A flaw in mod_imap when using the Referer directive with image maps was discovered. With certain site configurations, a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers. (CVE-2005-3352) Users of Stronghold should upgrade to these updated packages, which contain a backported patch to correct this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated version of Apache that addresses several security issues is now\navailable for Stronghold 4.0 for Enterprise Linux.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Apache HTTP server is a powerful, full-featured, efficient, and\nfreely-available Web server.\n\nA bug was found in Apache where an invalid Expect header sent to the server\nwas returned to the user in an unescaped error message. This could\nallow an attacker to perform a cross-site scripting attack if a victim was\ntricked into connecting to a site and sending a carefully crafted Expect\nheader. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by\na third-party attacker, it was recently discovered that certain versions of\nthe Flash plugin can manipulate request headers. If users running such\nversions can be persuaded to load a web page with a malicious Flash applet,\na cross-site scripting attack against the server may be possible.\n\nA flaw in mod_imap when using the Referer directive with image maps was\ndiscovered. With certain site configurations, a remote attacker could\nperform a cross-site scripting attack if a victim can be forced to visit a\nmalicious URL using certain web browsers.  (CVE-2005-3352)\n\nUsers of Stronghold should upgrade to these updated packages, which \ncontain a backported patch to correct this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0692",
        "url": "https://access.redhat.com/errata/RHSA-2006:0692"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "207922",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=207922"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2006/rhsa-2006_0692.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-14T10:04:47+00:00",
      "generator": {
        "date": "2024-11-14T10:04:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2006:0692",
      "initial_release_date": "2006-09-29T15:47:00+00:00",
      "revision_history": [
        {
          "date": "2006-09-29T15:47:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-09-29T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:04:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
                "product": {
                  "name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
                  "product_id": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_stronghold:4.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold 4.0 for Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-3352",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2005-12-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "430524"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd cross-site scripting flaw in mod_imap",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3352"
        },
        {
          "category": "external",
          "summary": "RHBZ#430524",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430524"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3352",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3352",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3352"
        }
      ],
      "release_date": "2005-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-29T15:47:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0692"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd cross-site scripting flaw in mod_imap"
    },
    {
      "cve": "CVE-2006-3918",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-07-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "200732"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: Expect header XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#200732",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
        }
      ],
      "release_date": "2006-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2006-09-29T15:47:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0692"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: Expect header XSS"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.