Details of VAR-200709-0495

ID

VAR-200709-0495

CVE

CVE-2007-4465

TITLE

Apache Mod_AutoIndex.C Undefined character cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200709-166

DESCRIPTION

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. Web pages generated by the affected source code may be prone to a cross-site scripting issue. Versions prior to Apache 2.2.6 are affected. NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3 Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2 Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918) It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847) It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465) It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388) It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421) It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422) It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz Size/MD5: 121305 10359a467847b63f8d6603081450fece http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 171402 3b7567107864cf36953e7911a4851738 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 172186 85a591ea061cbc727fc261b046781502 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 94240 b80027348754c493312269f7410b38fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 285664 76f4879738a0a788414316581ac2010b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 144250 3cd8327429958569a306257da57e8be0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 786052 7bdddb451607eeb2abb9706641675397 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 215932 bee4a6e00371117203647fd3a311658a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 219800 aaf4968deba24912e4981f35a367a086 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 93282 1ae6def788c74750d79055784c0d8006 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 267832 96c149638daeb993250b18c9f4285abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 145340 109c93408c5197be50960cce80c23b7c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209552 8a23207211e54b138d5a87c15c097908 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 171636 07616e459905bad152a8669c8f670436 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 222022 e37ef7d710800e568d838242d3129725 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 208354 0a571678c269d1da06787dac56567f1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212052 90754ccdcd95e652413426376078d223 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 971426 30db1106dfea5106da54d2287c02a380 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 403974 65a11cfaee921517445cf74ed04df701 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434308 2073137bb138dc52bbace666714f4e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 343774 880faca3543426734431c29de77c3048 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb Size/MD5: 278032 4f8270cff0a532bd059741b366047da9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 435354 f3557e1a87154424e9144cf672110e93 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8 . An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5" References ========== [ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200711-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 _______________________________________________________________________ Updated Packages: Corporate 3.0: c9c5c7f93bb0fa94835c5594bf210549 corporate/3.0/i586/apache-1.3.29-1.7.C30mdk.i586.rpm bddc9c4aad23e8601d8a836e92e8808a corporate/3.0/i586/apache-devel-1.3.29-1.7.C30mdk.i586.rpm cc176ace02cacae3749540e61e495234 corporate/3.0/i586/apache-modules-1.3.29-1.7.C30mdk.i586.rpm 9289b7b9e19b966f15eea0fe8e183d3e corporate/3.0/i586/apache-source-1.3.29-1.7.C30mdk.i586.rpm 8efcd88ed1620fc9dd2f708af8f44a07 corporate/3.0/SRPMS/apache-1.3.29-1.7.C30mdk.src.rpm Corporate 3.0/X86_64: 59ca425ea89cfb2d67cccec0da61aa50 corporate/3.0/x86_64/apache-1.3.29-1.7.C30mdk.x86_64.rpm a8ff18539221b129855cf9255fe6a68c corporate/3.0/x86_64/apache-devel-1.3.29-1.7.C30mdk.x86_64.rpm 4c65bba7f8538b1d50eab4fdfc161fb4 corporate/3.0/x86_64/apache-modules-1.3.29-1.7.C30mdk.x86_64.rpm 28bb131ffe555d1e945c824a109f1724 corporate/3.0/x86_64/apache-source-1.3.29-1.7.C30mdk.x86_64.rpm 8efcd88ed1620fc9dd2f708af8f44a07 corporate/3.0/SRPMS/apache-1.3.29-1.7.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01756421 Version: 1 HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-06-29 Last Updated: 2009-06-25 Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. References: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier BACKGROUND =============================================== Reference Base Vector Base Score CVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x =============================================== CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For Web Server v3.05 HP-UX B.11.23 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com HP-UX B.11.31 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com Web Server v2.25 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE .WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com HP-UX B.11.31 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 29 June 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [Apache2 Undefined Charset UTF-7 XSS Vulnerability ] Author: SecurityReason Maksymilian Arciemowicz (cXIb8O3) Date: - - Written: 08.08.2007 - - Public: 11.09.2007 SecurityReason Research SecurityAlert Id: 46 CVE: CVE-2007-4465 SecurityRisk: Low Affected Software: Apache 2.x (mod_autoindex) Advisory URL: http://securityreason.com/achievement_securityalert/46 Vendor: http://httpd.apache.org - --- 0.Description --- The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. - --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability --- The XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using "P" option available in apache 2.2.4 by setting Charset to UTF-7. "P=pattern lists only files matching the given pattern" More : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html - -Source code from mod_autoindex.c-------------- #if APR_HAS_UNICODE_FS ap_set_content_type(r, "text/html;charset=utf-8"); #else ap_set_content_type(r, "text/html"); #endif - -Source code from mod_autoindex.c-------------- if APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded. - --- EXAMPLE 1 --- # telnet localhost 80 Trying 127.0.0.1... Connected to localhost. Escape character is '^]' GET /icons/ http/1.1 Host: localhost Content-type: text/html Keep-Alive: 300 Connection: keep-alive HTTP/1.1 200 OK Date: Thu, 09 Aug 2007 01:01:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <TITLE>Index of /icons</TITLE> </HEAD> <BODY> <H1>Index of /icons</H1> ... - --- EXAMPLE 1 --- - --- EXAMPLE 2 --- # telnet httpd.apache.org 80 Trying 140.211.11.130... Connected to httpd.apache.org. Escape character is '^]'. GET /icons/ http/1.1 Host: httpd.apache.org Content-type: text/html Keep-Alive: 300 Connection: keep-alive HTTP/1.1 200 OK Date: Wed, 08 Aug 2007 23:06:26 GMT Server: Apache/2.3.0-dev (Unix) Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /icons</title> </head> <body> <h1>Index of /icons</h1> ... - --- EXAMPLE 2 --- Any request to folder /icons don't give charset in main header and in <head></head> section. In requests like 400 404 etc charset is defined (standard UTF8). For example : - --- EXAMPLE 3 (400) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /%0 HTTP/1.1 Host: localhost HTTP/1.1 400 Bad Request Date: Thu, 09 Aug 2007 13:13:32 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 3 --- - --- EXAMPLE 4 (404) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /noex HTTP/1.1 Host: localhost HTTP/1.1 404 Not Found Date: Thu, 09 Aug 2007 13:14:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 4 --- Any request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can't put any text to this site with folder. And it was good idea, but in apache 2.x exist option "P". Like: http://localhost/icons/?P=[Filter] Any value gived to this variable is displayed in html text. For example : http://localhost/icons/?P=Hallo - --- HTML -------- <pre><img src="/icons/blank.gif" alt="Icon "> <a href="?C=N;O=D;P=Hallo">Name</a> - ----------------- - --- 2. Exploit --- SecurityReason is not going to release a exploit to the general public. Exploit was provided and tested for Apache Team . - --- 3. How to fix --- Update to Apache 2.2.6 http://www.apache.org/dist/httpd/CHANGES_2.2.6 - --- mod_autoindex: Add in Type and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page and is therefore a viable workaround for buggy browsers affected by CVE-2007-4465 (cve.mitre.org). [Jim Jagielski] - --- - --- 4. Greets --- For: sp3x, Infospec, p_e_a - --- 5. Contact --- Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ] Email: cxib [at] securityreason [dot] com GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg http://securityreason.com http://securityreason.pl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (OpenBSD) iD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo MGWmxpeZzSTbVKnHIP5M+2o= =BrVf -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2007-4465 // BID: 25653 // VULMON: CVE-2007-4465 // PACKETSTORM: 63262 // PACKETSTORM: 60759 // PACKETSTORM: 62719 // PACKETSTORM: 78873 // PACKETSTORM: 59301 // PACKETSTORM: 69466 // PACKETSTORM: 82164

AFFECTED PRODUCTS

vendor:	apache	model:	http server	scope:	lt	version:	2.2.6	Trust: 1.0
vendor:	apache	model:	http server	scope:	lt	version:	2.0.61	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.2.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.40	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.45	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.41	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.2	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.3	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.42	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.44	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.43	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1	Trust: 0.3
vendor:	redhat	model:	fedora core7	scope:	-	version:	-	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	apache	model:	2.2.5-dev	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	redhat	model:	certificate server	scope:	eq	version:	7.3	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.35	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.23	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	2.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	11x64	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.50	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apache	model:	-dev	scope:	eq	version:	2.0.56	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.39	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	11	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	6.10	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.32	Trust: 0.3
vendor:	avaya	model:	messaging storage server	scope:	eq	version:	3.1	Trust: 0.3
vendor:	avaya	model:	ccs	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	turbolinux	model:	personal	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	3	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk 10.sp1	scope:	-	version:	-	Trust: 0.3
vendor:	turbolinux	model:	appliance server hosting edition	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.51	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.04	Trust: 0.3
vendor:	avaya	model:	ccs	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor	scope:	eq	version:	2.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.0	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop sdk	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop client	scope:	eq	version:	5	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.04	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	redhat	model:	red hat network satellite server	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	redhat	model:	application stack	scope:	eq	version:	v20	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.53	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	avaya	model:	messaging storage server mm3.0	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.43	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	6.10	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.55	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.7	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	10.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	turbolinux	model:	appliance server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.37	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	4.0	Trust: 0.3
vendor:	redhat	model:	enterprise linux es	scope:	eq	version:	2.1	Trust: 0.3
vendor:	s u s e	model:	linux professional oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	eq	version:	0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	4.0.1	Trust: 0.3
vendor:	s u s e	model:	linux personal oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.10	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	redhat	model:	application stack for enterprise linux as	scope:	eq	version:	v14	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	turbolinux	model:	appliance server workgroup edition	scope:	eq	version:	1.0	Trust: 0.3
vendor:	redhat	model:	advanced workstation for the itanium processor ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	avaya	model:	meeting exchange	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.45	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.0	Trust: 0.3
vendor:	avaya	model:	message networking	scope:	eq	version:	3.1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.10	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	10.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.38	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apache	model:	2.0.61-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	avaya	model:	aura sip enablement services	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	3.1	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.44	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	5	Trust: 0.3
vendor:	apache	model:	beta	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	redhat	model:	enterprise linux as ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.40	Trust: 0.3
vendor:	avaya	model:	communication manager	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1	Trust: 0.3
vendor:	redhat	model:	application stack for enterprise linux es	scope:	eq	version:	v14	Trust: 0.3
vendor:	avaya	model:	voice portal	scope:	eq	version:	4.1	Trust: 0.3
vendor:	s u s e	model:	novell linux pos	scope:	eq	version:	9	Trust: 0.3
vendor:	avaya	model:	message networking mn	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	3	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	redhat	model:	fedora core6	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.6	Trust: 0.3
vendor:	avaya	model:	ccs	scope:	eq	version:	4.0	Trust: 0.3
vendor:	apache	model:	a9	scope:	eq	version:	2.0	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition a	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.2	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	4	Trust: 0.3
vendor:	redhat	model:	enterprise linux ws	scope:	eq	version:	3	Trust: 0.3
vendor:	redhat	model:	desktop	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.58	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.54	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop workstation client	scope:	eq	version:	5	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.42	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.8	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.28	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.52	Trust: 0.3
vendor:	avaya	model:	intuity audix lx	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.4	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	apache	model:	apache	scope:	ne	version:	2.2.6	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.36	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.04	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.41	Trust: 0.3
vendor:	avaya	model:	aura application enablement services	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	apache	model:	2.0.60-dev	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0.0x64	Trust: 0.3
vendor:	redhat	model:	enterprise linux es ia64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	redhat	model:	enterprise linux as	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	turbolinux	model:	multimedia	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	apache	scope:	eq	version:	2.0.59	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.04	Trust: 0.3

sources: BID: 25653 // CNNVD: CNNVD-200709-166 // NVD: CVE-2007-4465

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4465
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200709-166
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2007-4465
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4465
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

sources: VULMON: CVE-2007-4465 // CNNVD: CNNVD-200709-166 // NVD: CVE-2007-4465

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.0

sources: NVD: CVE-2007-4465

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-166

TYPE

xss

Trust: 1.2

sources: PACKETSTORM: 63262 // PACKETSTORM: 60759 // PACKETSTORM: 62719 // PACKETSTORM: 59301 // PACKETSTORM: 69466 // PACKETSTORM: 82164 // CNNVD: CNNVD-200709-166

PATCH

title:	Debian CVElist Bug Report Logs: apache2: CVE-2007-4465	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8a7503dd359ab44b424a9918eb8a6f66	Trust: 0.1
title:	Ubuntu Security Notice: apache2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-575-1	Trust: 0.1
title:	-	url:	https://github.com/SecureAxom/strike	Trust: 0.1

sources: VULMON: CVE-2007-4465

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4465	Trust: 2.7
db:	BID	id:	25653	Trust: 2.0
db:	USCERT	id:	TA08-150A	Trust: 1.7
db:	SECUNIA	id:	33105	Trust: 1.7
db:	SECUNIA	id:	28749	Trust: 1.7
db:	SECUNIA	id:	35650	Trust: 1.7
db:	SECUNIA	id:	28607	Trust: 1.7
db:	SECUNIA	id:	27732	Trust: 1.7
db:	SECUNIA	id:	31651	Trust: 1.7
db:	SECUNIA	id:	26952	Trust: 1.7
db:	SECUNIA	id:	30430	Trust: 1.7
db:	SECUNIA	id:	28471	Trust: 1.7
db:	SECUNIA	id:	26842	Trust: 1.7
db:	SECUNIA	id:	27563	Trust: 1.7
db:	SECUNIA	id:	28467	Trust: 1.7
db:	VUPEN	id:	ADV-2008-1697	Trust: 1.7
db:	SREASON	id:	3113	Trust: 1.7
db:	SECTRACK	id:	1019194	Trust: 1.7
db:	HP	id:	SSRT080118	Trust: 0.6
db:	HP	id:	SSRT090192	Trust: 0.6
db:	HP	id:	SSRT090085	Trust: 0.6
db:	SUSE	id:	SUSE-SA:2007:061	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2008-05-28	Trust: 0.6
db:	MANDRIVA	id:	MDVSA-2008:014	Trust: 0.6
db:	REDHAT	id:	RHSA-2008:0005	Trust: 0.6
db:	REDHAT	id:	RHSA-2008:0004	Trust: 0.6
db:	REDHAT	id:	RHSA-2008:0008	Trust: 0.6
db:	REDHAT	id:	RHSA-2008:0006	Trust: 0.6
db:	REDHAT	id:	RHSA-2007:0911	Trust: 0.6
db:	REDHAT	id:	RHSA-2008:0261	Trust: 0.6
db:	GENTOO	id:	GLSA-200711-06	Trust: 0.6
db:	FEDORA	id:	FEDORA-2007-2214	Trust: 0.6
db:	FEDORA	id:	FEDORA-2007-707	Trust: 0.6
db:	UBUNTU	id:	USN-575-1	Trust: 0.6
db:	SREASONRES	id:	20070912 APACHE2 UNDEFINED CHARSET UTF-7 XSS VULNERABILITY	Trust: 0.6
db:	XF	id:	7	Trust: 0.6
db:	XF	id:	36586	Trust: 0.6
db:	BUGTRAQ	id:	20070912 APACHE2 UNDEFINED CHARSET UTF-7 XSS VULNERABILITY	Trust: 0.6
db:	OVAL	id:	OVAL:ORG.MITRE.OVAL:DEF:6089	Trust: 0.6
db:	CERT/CC	id:	TA08-150A	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-166	Trust: 0.6
db:	VULMON	id:	CVE-2007-4465	Trust: 0.1
db:	PACKETSTORM	id:	63262	Trust: 0.1
db:	PACKETSTORM	id:	60759	Trust: 0.1
db:	PACKETSTORM	id:	62719	Trust: 0.1
db:	PACKETSTORM	id:	78873	Trust: 0.1
db:	PACKETSTORM	id:	59301	Trust: 0.1
db:	PACKETSTORM	id:	69466	Trust: 0.1
db:	PACKETSTORM	id:	82164	Trust: 0.1

sources: VULMON: CVE-2007-4465 // BID: 25653 // PACKETSTORM: 63262 // PACKETSTORM: 60759 // PACKETSTORM: 62719 // PACKETSTORM: 78873 // PACKETSTORM: 59301 // PACKETSTORM: 69466 // PACKETSTORM: 82164 // CNNVD: CNNVD-200709-166 // NVD: CVE-2007-4465

REFERENCES

url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432	Trust: 2.3
url:	http://marc.info/?l=bugtraq&m=124654546101607&w=2	Trust: 2.3
url:	http://marc.info/?l=bugtraq&m=125631037611762&w=2	Trust: 2.3
url:	http://www.apache.org/dist/httpd/changes_2.2.6	Trust: 2.1
url:	http://support.avaya.com/elmodocs2/security/asa-2008-032.htm	Trust: 2.0
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html	Trust: 2.0
url:	http://securityreason.com/achievement_securityalert/46	Trust: 1.8
url:	http://www.securityfocus.com/bid/25653	Trust: 1.8
url:	http://security.gentoo.org/glsa/glsa-200711-06.xml	Trust: 1.8
url:	http://securityreason.com/securityalert/3113	Trust: 1.7
url:	http://bugs.gentoo.org/show_bug.cgi?id=186219	Trust: 1.7
url:	http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00353.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2007-0911.html	Trust: 1.7
url:	http://www.novell.com/linux/security/advisories/2007_61_apache2.html	Trust: 1.7
url:	http://secunia.com/advisories/26842	Trust: 1.7
url:	http://secunia.com/advisories/26952	Trust: 1.7
url:	http://secunia.com/advisories/27563	Trust: 1.7
url:	http://secunia.com/advisories/27732	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2008:014	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2008-0004.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2008-0005.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2008-0006.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2008-0008.html	Trust: 1.7
url:	http://securitytracker.com/id?1019194	Trust: 1.7
url:	http://secunia.com/advisories/28467	Trust: 1.7
url:	http://secunia.com/advisories/28471	Trust: 1.7
url:	http://secunia.com/advisories/28607	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-575-1	Trust: 1.7
url:	http://secunia.com/advisories/28749	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2008-0261.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2008//may/msg00001.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta08-150a.html	Trust: 1.7
url:	http://secunia.com/advisories/30430	Trust: 1.7
url:	http://secunia.com/advisories/31651	Trust: 1.7
url:	http://secunia.com/advisories/33105	Trust: 1.7
url:	http://secunia.com/advisories/35650	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2008/1697	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36586	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6089	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10929	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/479237/100/0/threaded	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-4465	Trust: 0.7
url:	http://www.securityfocus.com/archive/1/archive/1/479237/100/0/threaded	Trust: 0.6
url:	http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:6089	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/36586	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/1697	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0005	Trust: 0.4
url:	http://httpd.apache.org/	Trust: 0.3
url:	/archive/1/479237	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2008-026.htm	Trust: 0.3
url:	http://support.avaya.com/elmodocs2/security/asa-2008-031.htm	Trust: 0.3
url:	http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00	Trust: 0.3
url:	https://rhn.redhat.com/errata/rhsa-2007-0911.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0004.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0005.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0006.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0008.html	Trust: 0.3
url:	http://rhn.redhat.com/errata/rhsa-2008-0261.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2168	Trust: 0.3
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.3
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.3
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.3
url:	https://www.hp.com/go/swa	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6388	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-3918	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-3847	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2007-5000	Trust: 0.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2371	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3660	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5498	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0599	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2829	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2665	Trust: 0.2
url:	http://software.hp.com	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5557	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5624	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3659	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2666	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2364	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453783	Trust: 0.1
url:	https://usn.ubuntu.com/575-1/	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6422	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6421	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-1863	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://enigmail.mozdev.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-1862	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-3304	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2006-5752	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847	Trust: 0.1
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5658	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5625	Trust: 0.1
url:	http://securityreason.pl/key/arciemowicz.maksymilian.gpg	Trust: 0.1
url:	http://localhost/icons/?p=hallo	Trust: 0.1
url:	http://localhost/icons/?p=[filter]	Trust: 0.1
url:	http://securityreason.com	Trust: 0.1
url:	http://httpd.apache.org	Trust: 0.1
url:	http://securityreason.pl	Trust: 0.1
url:	http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2939	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6203	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3658	Trust: 0.1

CREDITS

Maksymilian Arciemowicz is credited with the discovery of this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-200709-166

SOURCES

db:	VULMON	id:	CVE-2007-4465
db:	BID	id:	25653
db:	PACKETSTORM	id:	63262
db:	PACKETSTORM	id:	60759
db:	PACKETSTORM	id:	62719
db:	PACKETSTORM	id:	78873
db:	PACKETSTORM	id:	59301
db:	PACKETSTORM	id:	69466
db:	PACKETSTORM	id:	82164
db:	CNNVD	id:	CNNVD-200709-166
db:	NVD	id:	CVE-2007-4465

LAST UPDATE DATE

2024-11-21T20:12:12.767000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2007-4465	date:	2018-10-30T00:00:00
db:	BID	id:	25653	date:	2010-08-05T21:45:00
db:	CNNVD	id:	CNNVD-200709-166	date:	2009-07-15T00:00:00
db:	NVD	id:	CVE-2007-4465	date:	2024-01-19T15:13:13.213

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2007-4465	date:	2007-09-14T00:00:00
db:	BID	id:	25653	date:	2007-09-12T00:00:00
db:	PACKETSTORM	id:	63262	date:	2008-02-05T00:41:56
db:	PACKETSTORM	id:	60759	date:	2007-11-07T20:27:55
db:	PACKETSTORM	id:	62719	date:	2008-01-17T05:56:17
db:	PACKETSTORM	id:	78873	date:	2009-07-02T18:53:57
db:	PACKETSTORM	id:	59301	date:	2007-09-13T23:41:20
db:	PACKETSTORM	id:	69466	date:	2008-08-29T05:14:23
db:	PACKETSTORM	id:	82164	date:	2009-10-23T18:14:28
db:	CNNVD	id:	CNNVD-200709-166	date:	2007-09-13T00:00:00
db:	NVD	id:	CVE-2007-4465	date:	2007-09-14T00:17:00