rhsa-2007_0557
Vulnerability from csaf_redhat
Published
2007-07-13 07:38
Modified
2024-11-05 16:45
Summary
Red Hat Security Advisory: httpd security update
Notes
Topic
Updated Apache httpd packages that correct two security issues are now
available for Red Hat Application Stack.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Details
The Apache HTTP Server is a popular Web server.
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled, this flaw could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux, the server-status page is not enabled by default and it
is best practice to not make this publicly available. (CVE-2006-5752)
A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service. (CVE-2007-3304).
Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Apache httpd packages that correct two security issues are now\navailable for Red Hat Application Stack.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Apache HTTP Server is a popular Web server.\n\nA flaw was found in the Apache HTTP Server mod_status module. On sites\nwhere the server-status page is publicly accessible and ExtendedStatus is\nenabled, this flaw could lead to a cross-site scripting attack. On Red Hat\nEnterprise Linux, the server-status page is not enabled by default and it\nis best practice to not make this publicly available. (CVE-2006-5752)\n\nA bug was found in the Apache HTTP Server mod_cache module. On sites where\ncaching is enabled, a remote attacker could send a carefully crafted\nrequest that would cause the Apache child process handling that request to\ncrash. This could lead to a denial of service if using a threaded\nMulti-Processing Module. (CVE-2007-1863)\n\nThe Apache HTTP Server did not verify that a process was an Apache child\nprocess before sending it signals. A local attacker with the ability to run\nscripts on the Apache HTTP Server could manipulate the scoreboard and cause\narbitrary processes to be terminated which could lead to a denial of\nservice. (CVE-2007-3304).\n\nUsers of httpd should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Users should restart Apache\nafter installing this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2007:0557", "url": "https://access.redhat.com/errata/RHSA-2007:0557" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#moderate", "url": "http://www.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "244658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658" }, { "category": "external", "summary": "245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0557.json" } ], "title": "Red Hat Security Advisory: httpd security update", "tracking": { "current_release_date": "2024-11-05T16:45:49+00:00", "generator": { "date": "2024-11-05T16:45:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2007:0557", "initial_release_date": "2007-07-13T07:38:00+00:00", "revision_history": [ { "date": "2007-07-13T07:38:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2007-07-13T03:38:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T16:45:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product": { "name": "Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:1" } } }, { "category": "product_name", "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product": { "name": "Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_stack:1" } } } ], "category": "product_family", "name": "Red Hat Application Stack" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "product": { "name": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "product_id": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.59-1.el4s1.7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-0:2.0.59-1.el4s1.7.x86_64", "product": { "name": "httpd-0:2.0.59-1.el4s1.7.x86_64", "product_id": "httpd-0:2.0.59-1.el4s1.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.59-1.el4s1.7?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "product": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "product_id": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.59-1.el4s1.7?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "product": { "name": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "product_id": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.59-1.el4s1.7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "product": { "name": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "product_id": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.59-1.el4s1.7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "httpd-manual-0:2.0.59-1.el4s1.7.i386", "product": { "name": "httpd-manual-0:2.0.59-1.el4s1.7.i386", "product_id": "httpd-manual-0:2.0.59-1.el4s1.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.0.59-1.el4s1.7?arch=i386" } } }, { "category": "product_version", "name": "httpd-0:2.0.59-1.el4s1.7.i386", "product": { "name": "httpd-0:2.0.59-1.el4s1.7.i386", "product_id": "httpd-0:2.0.59-1.el4s1.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.59-1.el4s1.7?arch=i386" } } }, { "category": "product_version", "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "product": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "product_id": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-debuginfo@2.0.59-1.el4s1.7?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.0.59-1.el4s1.7.i386", "product": { "name": "mod_ssl-1:2.0.59-1.el4s1.7.i386", "product_id": "mod_ssl-1:2.0.59-1.el4s1.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.0.59-1.el4s1.7?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-devel-0:2.0.59-1.el4s1.7.i386", "product": { "name": "httpd-devel-0:2.0.59-1.el4s1.7.i386", "product_id": "httpd-devel-0:2.0.59-1.el4s1.7.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.0.59-1.el4s1.7?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "httpd-0:2.0.59-1.el4s1.7.src", "product": { "name": "httpd-0:2.0.59-1.el4s1.7.src", "product_id": "httpd-0:2.0.59-1.el4s1.7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.0.59-1.el4s1.7?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.7.src as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src" }, "product_reference": "httpd-0:2.0.59-1.el4s1.7.src", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux AS (v.4)", "product_id": "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4AS-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.7.src as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src" }, "product_reference": "httpd-0:2.0.59-1.el4s1.7.src", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.7.i386 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.7.i386", "relates_to_product_reference": "4ES-RHWAS" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64 as a component of Red Hat Application Stack v1 for Enterprise Linux ES (v.4)", "product_id": "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" }, "product_reference": "mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "relates_to_product_reference": "4ES-RHWAS" } ] }, "vulnerabilities": [ { "cve": "CVE-2006-5752", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2007-06-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245112" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_status XSS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-5752" }, { "category": "external", "summary": "RHBZ#245112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752", "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752" } ], "release_date": "2007-06-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-07-13T07:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0557" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_status XSS" }, { "cve": "CVE-2007-1863", "discovery_date": "2007-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "244658" } ], "notes": [ { "category": "description", "text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd mod_cache segfault", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1863" }, { "category": "external", "summary": "RHBZ#244658", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863" } ], "release_date": "2007-05-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-07-13T07:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0557" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd mod_cache segfault" }, { "cve": "CVE-2007-3304", "discovery_date": "2007-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "245111" } ], "notes": [ { "category": "description", "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd scoreboard lack of PID protection", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-3304" }, { "category": "external", "summary": "RHBZ#245111", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304", "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304" } ], "release_date": "2007-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-07-13T07:38:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4AS-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4AS-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.src", "4ES-RHWAS:httpd-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-debuginfo-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-devel-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:httpd-manual-0:2.0.59-1.el4s1.7.x86_64", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.i386", "4ES-RHWAS:mod_ssl-1:2.0.59-1.el4s1.7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0557" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd scoreboard lack of PID protection" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.