ID

VAR-200711-0538


CVE

CVE-2007-6203


TITLE

Apache HTTP Server of 413 In the error message HTTP Problems not checking the method properly

Trust: 0.8

sources: JVNDB: JVNDB-2007-001017

DESCRIPTION

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. In order to use this problem to perform cross-site scripting attacks, the attacker is malicious to the user. HTTP It is reported as a prerequisite to have the method submitted. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache: Multiple vulnerabilities Date: March 11, 2008 Bugs: #201163, #204410, #205195, #209899 ID: 200803-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Apache. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.2.8 >= 2.2.8 Description =========== Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.8" References ========== [ 1 ] CVE-2007-6203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203 [ 2 ] CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 [ 3 ] CVE-2008-0005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 [ 4 ] CVE-2008-0455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455 [ 5 ] CVE-2008-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. =========================================================== Ubuntu Security Notice USN-731-1 March 10, 2009 apache2 vulnerabilities CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.4 apache2-mpm-perchild 2.0.55-4ubuntu2.4 apache2-mpm-prefork 2.0.55-4ubuntu2.4 apache2-mpm-worker 2.0.55-4ubuntu2.4 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.2 apache2-mpm-perchild 2.2.4-3ubuntu0.2 apache2-mpm-prefork 2.2.4-3ubuntu0.2 apache2-mpm-worker 2.2.4-3ubuntu0.2 apache2.2-common 2.2.4-3ubuntu0.2 Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.4 apache2-mpm-perchild 2.2.8-1ubuntu0.4 apache2-mpm-prefork 2.2.8-1ubuntu0.4 apache2-mpm-worker 2.2.8-1ubuntu0.4 apache2.2-common 2.2.8-1ubuntu0.4 In general, a standard system upgrade is sufficient to effect the necessary changes. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203) It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420) It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678) It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168) It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364) It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb Size/MD5: 2124948 5153435633998e4190b54eb101afd271 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 786528 353ed1839a8201d0211ede114565e60d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 199114 6a77314579722ca085726e4220be4e9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 92520 787a673994d746b4ad3788c16516832a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 803706 f14be1535acf528f89d301c8ec092015 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 211028 28b74d86e10301276cadef208b460658 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 268178 5a853d01127853405a677c53dc2bf254 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 130456 a0a51bb9405224948b88903779347427 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc Size/MD5: 1333 b028e602b998a666681d1aa73b980c06 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 410674 684ad4367bc9250468351b5807dee424 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 411258 17f53e8d3898607ce155dc333237690c http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 367392 612ddcebee145f765163a0b30124393a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 410676 cf7bed097f63e3c24337813621866498 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 411252 5a30177f7039f52783576e126cf042d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 801764 3759103e3417d44bea8866399ba34a66 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 139904 b503316d420ccb7efae5082368b95e01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01905287 Version: 1 HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-10-21 Last Updated: 2009-10-21 Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. References: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL http://software.hp.com Note: HP-UX Web Server Suite v3.06 contains HP-UX Apache-based Web Server v2.2.8.05 Note: HP-UX Web Server Suite v2.27 contains HP-UX Apache-based Web Server v2.0.59.12 Web Server Suite Version HP-UX Release Depot name Web Server v3.06 B.11.23 and B.11.31 PA-32 HPUX22SATW-1123-32.depot Web Server v3.06 B.11.23 and B.11.31 IA-64 HPUX22SATW-1123-64.depot Web Server v2.27 B.11.11 PA-32 HPUXSATW-1111-64-32.depot Web Server v2.27 B.11.23 PA-32 and IA-64 HPUXWSATW-1123-64-bit.depot Web Server v2.27 B.11.31 IA-32 and IA-64 HPUXSATW-1131-64.depot MANUAL ACTIONS: Yes - Update Install Apache-based Web Server from the Apache Web Server Suite v2.27 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.06 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For Web Server Suite before v3.06 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.05 or subsequent HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.05 or subsequent For Web Server Suite before v2.27 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent HP-UX B.11.23 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent HP-UX B.11.31 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 21 October 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEUEARECAAYFAkrguYgACgkQ4B86/C0qfVliOACWIZufVcaJyE/ap8OAmQqT87S7 hQCeKCPftsEV+4JPzQKz4B+EnYzQsJ0= =TAoy -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2007-6203 // JVNDB: JVNDB-2007-001017 // BID: 26663 // VULMON: CVE-2007-6203 // PACKETSTORM: 96536 // PACKETSTORM: 64520 // PACKETSTORM: 75604 // PACKETSTORM: 82164

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:eqversion:2.1.3

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.2.4

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.58

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.1.2

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.1.1

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.1.5

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.2.2

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.59

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.2.3

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.1.4

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.54

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.49

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.50

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.57

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.1.6

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.47

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.52

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.55

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.51

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.46

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.48

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.53

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.1.7

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.1.8

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.0

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.0.62

Trust: 0.8

vendor:apachemodel:http serverscope:lteversion:2.2.7

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:2.0.47.1

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:6.0.2.27

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:6.1.0.15

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.2

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:2.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux fujiscope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux multimediascope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux personalscope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:enterprise version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus application serverscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:light version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:professional version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:standard version 6

Trust: 0.8

vendor:hitachimodel:cosminexus developerscope:eqversion:version 5

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:enterprise edition

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:standard edition

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:standard edition version 4

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:web edition

Trust: 0.8

vendor:hitachimodel:cosminexus serverscope:eqversion:web edition version 4

Trust: 0.8

vendor:hitachimodel:web serverscope: - version: -

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:enterprise

Trust: 0.8

vendor:hitachimodel:ucosminexus application serverscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:light

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 0.8

vendor:hitachimodel:ucosminexus developerscope:eqversion:standard

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:architect

Trust: 0.8

vendor:hitachimodel:ucosminexus servicescope:eqversion:platform

Trust: 0.8

vendor:fujitsumodel:interstage application framework suitescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage business application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker resource coordinatorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.58

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.54

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:6.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:s u s emodel:linuxscope:eqversion:10.1x86-64

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.52

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.13

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11

Trust: 0.3

vendor:turbolinuxmodel:personalscope: - version: -

Trust: 0.3

vendor:susemodel:linux enterprise sdk 10.sp1scope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:neversion:2.2.8

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.59

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.49

Trust: 0.3

vendor:s u s emodel:novell linux desktop sdkscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:5.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:5.0.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.50

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition 6.0ascope: - version: -

Trust: 0.3

vendor:s u s emodel:linux ppcscope:eqversion:10.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:s u s emodel:linuxscope:eqversion:10.1x86

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.8

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:2.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.4

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:7.10

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.19

Trust: 0.3

vendor:ibmmodel:hardware management console for pseries r1.3scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.51

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:turbolinuxmodel:fujiscope:eqversion:0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.15

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.53

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:7.10

Trust: 0.3

vendor:ibmmodel:hardware management console for iseries r1.3scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.55

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.7

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:7.10

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j editionscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:s u s emodel:novell linux posscope:eqversion:9

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.5

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:0

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.3

Trust: 0.3

vendor:s u s emodel:novell linux desktopscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.48

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:7.10

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.2

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.47

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:7.10

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.46

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:10.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.12

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0.0x64

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.3

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.4

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.13

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.27

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.23

Trust: 0.3

vendor:turbolinuxmodel:multimediascope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.1.6

Trust: 0.3

sources: BID: 26663 // JVNDB: JVNDB-2007-001017 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6203
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-6203
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200712-012
value: MEDIUM

Trust: 0.6

VULMON: CVE-2007-6203
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-6203
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2007-6203 // JVNDB: JVNDB-2007-001017 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2007-001017 // NVD: CVE-2007-6203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-012

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 82164 // CNNVD: CNNVD-200712-012

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001017

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2007-6203

PATCH

title:httpd-2.3url:http://httpd.apache.org/dev/devnotes.html

Trust: 0.8

title:600645url:http://svn.apache.org/viewvc?view=rev&revision=600645

Trust: 0.8

title:Security Update 2008-002url:http://docs.info.apple.com/article.html?artnum=307562-en

Trust: 0.8

title:Security Update 2008-002url:http://docs.info.apple.com/article.html?artnum=307562-ja

Trust: 0.8

title:Changes with Apache 2.0.62url:http://www.apache.org/dist/httpd/CHANGES_2.0.63

Trust: 0.8

title:Changes with Apache 2.2.7url:http://www.apache.org/dist/httpd/CHANGES_2.2.8

Trust: 0.8

title:HS08-004url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-004/index.html

Trust: 0.8

title:HPSBUX02612url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02579879

Trust: 0.8

title:HPSBUX02465url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905287

Trust: 0.8

title:7008517url:http://www-1.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61015

Trust: 0.8

title: PK65782url:http://www-1.ibm.com/support/docview.wss?uid=swg1PK65782

Trust: 0.8

title:PK57952url:http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952

Trust: 0.8

title:4019245url:http://www-1.ibm.com/support/docview.wss?uid=swg24019245

Trust: 0.8

title:1266url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1266

Trust: 0.8

title:TLSA-2008-24url:http://www.turbolinux.co.jp/security/2008/TLSA-2008-24j.txt

Trust: 0.8

title:HS08-004url:http://www.hitachi-support.com/security/vuls/HS08-004/index.html

Trust: 0.8

title:interstage_as_200807url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200807.html

Trust: 0.8

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-731-1

Trust: 0.1

title:Debian CVElist Bug Report Logs: apache2: CVE-2007-4465url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8a7503dd359ab44b424a9918eb8a6f66

Trust: 0.1

title: - url:https://github.com/SecureAxom/strike

Trust: 0.1

sources: VULMON: CVE-2007-6203 // JVNDB: JVNDB-2007-001017

EXTERNAL IDS

db:NVDid:CVE-2007-6203

Trust: 3.2

db:BIDid:26663

Trust: 2.8

db:SECUNIAid:27906

Trust: 2.5

db:SECTRACKid:1019030

Trust: 2.5

db:SECUNIAid:29348

Trust: 1.7

db:SECUNIAid:33105

Trust: 1.7

db:SECUNIAid:30356

Trust: 1.7

db:SECUNIAid:29640

Trust: 1.7

db:SECUNIAid:28196

Trust: 1.7

db:SECUNIAid:30732

Trust: 1.7

db:SECUNIAid:29420

Trust: 1.7

db:SECUNIAid:34219

Trust: 1.7

db:SREASONid:3411

Trust: 1.7

db:VUPENid:ADV-2007-4301

Trust: 1.7

db:VUPENid:ADV-2008-1875

Trust: 1.7

db:VUPENid:ADV-2008-0924

Trust: 1.7

db:VUPENid:ADV-2008-1623

Trust: 1.7

db:VUPENid:ADV-2007-4060

Trust: 1.7

db:XFid:38800

Trust: 1.4

db:USCERTid:TA08-079A

Trust: 0.8

db:USCERTid:SA08-079A

Trust: 0.8

db:JVNDBid:JVNDB-2007-001017

Trust: 0.8

db:GENTOOid:GLSA-200803-19

Trust: 0.6

db:HPid:SSRT090192

Trust: 0.6

db:SUSEid:SUSE-SA:2008:021

Trust: 0.6

db:BUGTRAQid:20071130 PR07-37: XSS ON APACHE HTTP SERVER 413 ERROR PAGES VIA MALFORMED HTTP METHOD

Trust: 0.6

db:AIXAPARid:PK65782

Trust: 0.6

db:AIXAPARid:PK57952

Trust: 0.6

db:UBUNTUid:USN-731-1

Trust: 0.6

db:XFid:413

Trust: 0.6

db:APPLEid:APPLE-SA-2008-03-18

Trust: 0.6

db:CNNVDid:CNNVD-200712-012

Trust: 0.6

db:EXPLOIT-DBid:30835

Trust: 0.1

db:VULMONid:CVE-2007-6203

Trust: 0.1

db:PACKETSTORMid:96536

Trust: 0.1

db:PACKETSTORMid:64520

Trust: 0.1

db:PACKETSTORMid:75604

Trust: 0.1

db:PACKETSTORMid:82164

Trust: 0.1

sources: VULMON: CVE-2007-6203 // BID: 26663 // JVNDB: JVNDB-2007-001017 // PACKETSTORM: 96536 // PACKETSTORM: 64520 // PACKETSTORM: 75604 // PACKETSTORM: 82164 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

REFERENCES

url:http://www.securityfocus.com/bid/26663

Trust: 2.5

url:http://www.securitytracker.com/id?1019030

Trust: 2.5

url:http://marc.info/?l=bugtraq&m=125631037611762&w=2

Trust: 2.3

url:http://www-1.ibm.com/support/docview.wss?uid=swg1pk57952

Trust: 2.0

url:http://www-1.ibm.com/support/docview.wss?uid=swg24019245

Trust: 2.0

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html

Trust: 2.0

url:http://security.gentoo.org/glsa/glsa-200803-19.xml

Trust: 1.8

url:http://procheckup.com/vulnerability_pr07-37.php

Trust: 1.7

url:http://secunia.com/advisories/27906

Trust: 1.7

url:http://secunia.com/advisories/28196

Trust: 1.7

url:http://secunia.com/advisories/29348

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=307562

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html

Trust: 1.7

url:http://secunia.com/advisories/29420

Trust: 1.7

url:http://securityreason.com/securityalert/3411

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

Trust: 1.7

url:http://secunia.com/advisories/29640

Trust: 1.7

url:http://secunia.com/advisories/30356

Trust: 1.7

url:http://secunia.com/advisories/30732

Trust: 1.7

url:http://secunia.com/advisories/33105

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-731-1

Trust: 1.7

url:http://secunia.com/advisories/34219

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2007/4060

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/38800

Trust: 1.4

url:http://marc.info/?l=bugtraq&m=129190899612998&w=2

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/4301

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/4060

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/1623/references

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/0924/references

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/1875/references

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38800

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12166

Trust: 1.1

url:http://www.securityfocus.com/archive/1/484410/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6203

Trust: 0.9

url:http://jvn.jp/cert/jvnta08-079a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6203

Trust: 0.8

url:http://secunia.com/advisories/27906/

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa08-079a.html

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta08-079a.html

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/1875/references

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/4301

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/1623/references

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0924/references

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2007-6203

Trust: 0.4

url:http://httpd.apache.org/

Trust: 0.3

url:http://issues.apache.org/bugzilla/show_bug.cgi?id=44014

Trust: 0.3

url:http://www.apache.org/dist/httpd/changes_2.2.8

Trust: 0.3

url:https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110

Trust: 0.3

url:/archive/1/484410

Trust: 0.3

url:http://software.hp.com

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2006-3918

Trust: 0.2

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.2

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2008-0005

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2008-2364

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2008-2939

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2008-2168

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/30835/

Trust: 0.1

url:https://usn.ubuntu.com/731-1/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1890

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1955

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1891

Trust: 0.1

url:http://bugs.gentoo.org.

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0456

Trust: 0.1

url:http://enigmail.mozdev.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0456

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0455

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0455

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-6422

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-1678

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-6420

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2371

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5498

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2829

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5557

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3658

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-4465

Trust: 0.1

sources: VULMON: CVE-2007-6203 // BID: 26663 // JVNDB: JVNDB-2007-001017 // PACKETSTORM: 96536 // PACKETSTORM: 64520 // PACKETSTORM: 75604 // PACKETSTORM: 82164 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

CREDITS

Amit Klein Amit.Klein@SanctumInc.com

Trust: 0.6

sources: CNNVD: CNNVD-200712-012

SOURCES

db:VULMONid:CVE-2007-6203
db:BIDid:26663
db:JVNDBid:JVNDB-2007-001017
db:PACKETSTORMid:96536
db:PACKETSTORMid:64520
db:PACKETSTORMid:75604
db:PACKETSTORMid:82164
db:CNNVDid:CNNVD-200712-012
db:NVDid:CVE-2007-6203

LAST UPDATE DATE

2024-11-21T21:03:13.327000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2007-6203date:2018-10-15T00:00:00
db:BIDid:26663date:2014-02-11T00:26:00
db:JVNDBid:JVNDB-2007-001017date:2010-12-20T00:00:00
db:CNNVDid:CNNVD-200712-012date:2009-03-20T00:00:00
db:NVDid:CVE-2007-6203date:2018-10-15T21:50:58.373

SOURCES RELEASE DATE

db:VULMONid:CVE-2007-6203date:2007-12-03T00:00:00
db:BIDid:26663date:2007-11-30T00:00:00
db:JVNDBid:JVNDB-2007-001017date:2007-12-20T00:00:00
db:PACKETSTORMid:96536date:2010-12-09T12:11:11
db:PACKETSTORMid:64520date:2008-03-13T04:49:36
db:PACKETSTORMid:75604date:2009-03-10T21:13:00
db:PACKETSTORMid:82164date:2009-10-23T18:14:28
db:CNNVDid:CNNVD-200712-012date:2007-11-30T00:00:00
db:NVDid:CVE-2007-6203date:2007-12-03T22:46:00