Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.105498
Categoría:F5 Local Security Checks
Título:F5 BIG-IP - Apache HTTPD vulnerability CVE-2010-2791 and CVE-2010-2068
Resumen:The remote host is missing a security patch.
Descripción:Summary:
The remote host is missing a security patch.

Vulnerability Insight:
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Vulnerability Impact:
This vulnerability can allow the unauthorized disclosure of information.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2791
BugTraq ID: 42102
http://www.securityfocus.com/bid/42102
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2010/07/30/1
http://www.redhat.com/support/errata/RHSA-2010-0659.html
XForce ISS Database: apache-modproxy-info-disclsoure(60883)
https://exchange.xforce.ibmcloud.com/vulnerabilities/60883
Common Vulnerability Exposure (CVE) ID: CVE-2010-2068
AIX APAR: PM16366
http://www.ibm.com/support/docview.wss?uid=swg1PM16366
AIX APAR: SI4053
http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
BugTraq ID: 40827
http://www.securityfocus.com/bid/40827
Bugtraq: 20100611 [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068 (Google Search)
http://www.securityfocus.com/archive/1/511809/100/0/threaded
HPdes Security Advisory: HPSBMA02568
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995
HPdes Security Advisory: SSRT100219
http://marc.info/?l=apache-announce&m=128009718610929&w=2
http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400@apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931
http://www.redhat.com/support/errata/RHSA-2011-0896.html
http://securitytracker.com/id?1024096
http://secunia.com/advisories/40206
http://secunia.com/advisories/40824
http://secunia.com/advisories/41480
http://secunia.com/advisories/41490
http://secunia.com/advisories/41722
http://www.vupen.com/english/advisories/2010/1436
XForce ISS Database: apache-modproxyhttp-timeout-info-disc(59413)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59413
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.