ID

VAR-200801-0561


CVE

CVE-2007-6388


TITLE

Apache HTTP Server of mod_status Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2008-001001

DESCRIPTION

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server.An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts. The vulnerability does not affect the products if the Status Information Display function is being disabled. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks. The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3 Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2 Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847) It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465) It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. By default, mod_status is disabled in Ubuntu. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421) It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422) It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz Size/MD5: 121305 10359a467847b63f8d6603081450fece http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 171402 3b7567107864cf36953e7911a4851738 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 172186 85a591ea061cbc727fc261b046781502 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 94240 b80027348754c493312269f7410b38fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 285664 76f4879738a0a788414316581ac2010b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 144250 3cd8327429958569a306257da57e8be0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 786052 7bdddb451607eeb2abb9706641675397 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 215932 bee4a6e00371117203647fd3a311658a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 219800 aaf4968deba24912e4981f35a367a086 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 93282 1ae6def788c74750d79055784c0d8006 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 267832 96c149638daeb993250b18c9f4285abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 145340 109c93408c5197be50960cce80c23b7c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209552 8a23207211e54b138d5a87c15c097908 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 171636 07616e459905bad152a8669c8f670436 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 222022 e37ef7d710800e568d838242d3129725 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 208354 0a571678c269d1da06787dac56567f1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212052 90754ccdcd95e652413426376078d223 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 971426 30db1106dfea5106da54d2287c02a380 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 403974 65a11cfaee921517445cf74ed04df701 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434308 2073137bb138dc52bbace666714f4e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 343774 880faca3543426734431c29de77c3048 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb Size/MD5: 278032 4f8270cff0a532bd059741b366047da9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 435354 f3557e1a87154424e9144cf672110e93 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8 . The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server. 2. Relevant releases VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier 3. Problem Description a. Third Party Library libpng Updated to 1.2.35 Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0040 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any 6.5.3 build 185404 or later Player 2.5.x any 2.5.3 build 185404 or later ACE 2.5.x any 2.5.3 build 185404 or later Server 2.x any patch pending Server 1.x any patch pending Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * * The libpng update for the Service Console of ESX 2.5.5 is documented in VMSA-2009-0007. b. Apache HTTP Server updated to 2.0.63 The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the issues that have been addressed by this update. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any not affected Player 2.5.x any not affected ACE 2.5.x Windows 2.5.3 build 185404 or later ACE 2.5.x Linux update Apache on host system * Server 2.x any not affected Server 1.x any not affected Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * The Apache HTTP Server is not part of an ACE install on a Linux host. Update the Apache HTTP Server on the host system to version 2.0.63 in order to remediate the vulnerabilities listed above. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 6.5.3 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html For Windows Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1 For Linux Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5 Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542 VMware Player 2.5.3 ------------------- http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html Player for Windows binary http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04 Player for Linux (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e Player for Linux (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b Player for Linux - 64-bit (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974 Player for Linux - 64-bit (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4 VMware ACE 2.5.3 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1 VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75 ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 - ------------------------------------------------------------------------ 6. Change log 2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm Mandriva Linux 2007.1: cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm Mandriva Linux 2008.0: cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm Corporate 4.0: 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01607570 Version: 1 HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-11-19 Last Updated: 2008-11-19 Potential Security Impact: Remote cross site scripting (XSS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). References: CVE-2007-6388, CVE-2007-5000 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris BACKGROUND CVSS 2.0 Base Metrics =============================================== Reference Base Vector Base Score CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP has made patches available to resolve the vulnerabilities. The patches are available from http://itrc.hp.com OV NNM v7.53 =========== Operating_System - HP-UX (IA) Resolved in Patch - PHSS_38148 or subsequent Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38147 or subsequent Operating_System - Linux RedHatAS2.1 Resolved in Patch - LXOV_00085 or subsequent Operating_System - Linux RedHat4AS-x86_64 Resolved in Patch - LXOV_00086 or subsequent Operating_System - Solaris Resolved in Patch - PSOV_03514 or subsequent OV NNM v7.51 =========== Upgrade to NNM v7.53 and install the patches listed above. OV NNM v7.01 =========== Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38761 or subsequent Operating_System - Solaris Resolved in Patch - PSOV_03516 or subsequent MANUAL ACTIONS: Yes - NonUpdate Apply the appropriate file as described in the Resolution. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) ============= OVNNMgr.OVNNM-RUN action: install PHSS_38148 or subsequent URL: http://itrc.hp.com HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38147 or subsequent URL: http://itrc.hp.com For HP-UX OV NNM 7.51 HP-UX B.11.31 HP-UX B.11.23 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches For HP-UX OV NNM 7.01 HP-UX B.11.00 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38761 or subsequent URL: http://itrc.hp.com END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 19 November 2008 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2008 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs A2UIaH3YB7z+o42Tm7Eg7ahn =lskD -----END PGP SIGNATURE----- . The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state." - --- 1. Apache Refresh Header - Open Redirector (XSS) Vulnerability --- During the fact that Apache mod_status do not filter char ";" we can inject new URL. This fact give attacker open redirector and can lead to phishing attack. Also attacker can create more advanced method to trigger XSS on victim's browser. Exploit --- SecurityReason is not going to release a exploit to the general public. Exploit was provided and tested for Apache Team . References --- A Refreshing Look at Redirection : http://www.securityfocus.com/archive/1/450418 by Amit Klein - --- 5. Greets --- For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp - --- 6. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.2 or earlier

Trust: 3.51

sources: NVD: CVE-2007-6388 // JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513 // BID: 27237 // VULMON: CVE-2007-6388 // PACKETSTORM: 63262 // PACKETSTORM: 89987 // PACKETSTORM: 80533 // PACKETSTORM: 62719 // PACKETSTORM: 62721 // PACKETSTORM: 101257 // PACKETSTORM: 72120 // PACKETSTORM: 62634 // PACKETSTORM: 63601

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:lteversion:1.3.39

Trust: 1.8

vendor:apachemodel:http serverscope:lteversion:2.0.61

Trust: 1.8

vendor:apachemodel:http serverscope:lteversion:2.2.6

Trust: 1.8

vendor:hitachimodel:cosminexus application server enterprisescope:eqversion:version 6

Trust: 1.6

vendor:hitachimodel:cosminexus application server standardscope:eqversion:version 6

Trust: 1.6

vendor:hitachimodel:cosminexus application server version 5scope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus developer light version 6scope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus developer professional version 6scope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus developer standard version 6scope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus developer version 5scope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus server - enterprise editionscope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus server - standard editionscope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus server - standard edition version 4scope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus server - web editionscope: - version: -

Trust: 1.6

vendor:hitachimodel:cosminexus server - web edition version 4scope: - version: -

Trust: 1.6

vendor:hitachimodel:web serverscope: - version: -

Trust: 1.6

vendor:hitachimodel:ucosminexus application server enterprisescope: - version: -

Trust: 1.6

vendor:hitachimodel:ucosminexus application server standardscope: - version: -

Trust: 1.6

vendor:hitachimodel:ucosminexus developerscope:eqversion:professional

Trust: 1.6

vendor:hitachimodel:ucosminexus developer lightscope: - version: -

Trust: 1.6

vendor:hitachimodel:ucosminexus developer standardscope: - version: -

Trust: 1.6

vendor:hitachimodel:ucosminexus service architectscope: - version: -

Trust: 1.6

vendor:hitachimodel:ucosminexus service platformscope: - version: -

Trust: 1.6

vendor:oraclemodel:http serverscope:eqversion:10.1.3.5.0

Trust: 1.1

vendor:ibmmodel:http serverscope:eqversion:1.3.28.1

Trust: 1.1

vendor:apachemodel:http serverscope:gteversion:2.0.35

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:1.3.2

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.2.0

Trust: 1.0

vendor:ibmmodel:http serverscope:ltversion:2.0.47.1

Trust: 0.8

vendor:ibmmodel:http serverscope:ltversion:6.0.2.27

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.2

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.2

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:2.1

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:1.0 (hosting)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:1.0 (workgroup)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:2.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux fujiscope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux multimediascope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux personalscope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:10 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:red hatmodel:application stackscope:eqversion:v1 for enterprise linux as (v.4)

Trust: 0.8

vendor:red hatmodel:application stackscope:eqversion:v1 for enterprise linux es (v.4)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:2.1 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:linux advanced workstationscope:eqversion:2.1

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:fujitsumodel:interstage application framework suitescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage business application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage job workload serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker resource coordinatorscope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:eqversion:2.2.4

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.0.60

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.3

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.2

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.0.59

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.6

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.5

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.0.61

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.1

Trust: 0.6

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2007.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.49

Trust: 0.3

vendor:apachemodel:2.2.5-devscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:redhatmodel:certificate serverscope:eqversion:7.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:neversion:2.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.35

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0.1

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:6.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.50

Trust: 0.3

vendor:vmwaremodel:workstationscope:eqversion:6.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:apachemodel:2.2.7-devscope:neversion: -

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.0

Trust: 0.3

vendor:apachemodel:-devscope:eqversion:2.0.56

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.6

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.5

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:4)4.2

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.34

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.28

Trust: 0.3

vendor:susemodel:linuxscope:eqversion:10.1x86

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.39

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:6.10

Trust: 0.3

vendor:vmwaremodel:workstationscope:eqversion:6.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:3.1

Trust: 0.3

vendor:apachemodel:-devscope:eqversion:1.3.7

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:3.1.2

Trust: 0.3

vendor:turbolinuxmodel:personalscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:nortelmodel:networks self-service peri applicationscope:eqversion:0

Trust: 0.3

vendor:susemodel:linux enterprise sdk 10.sp1scope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:appliance server hosting editionscope:eqversion:1.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.51

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:7.04

Trust: 0.3

vendor:nortelmodel:networks self-service wvadsscope:eqversion:0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:3.1.1

Trust: 0.3

vendor:apachemodel:-devscope:eqversion:1.3.35

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:4.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2007.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processorscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:3.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:vmwaremodel:playerscope:eqversion:2.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.35

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.22

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:s u s emodel:novell linux desktop sdkscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.9

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:7.04

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:5.0.1

Trust: 0.3

vendor:redhatmodel:red hat network satellite serverscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:apachemodel:2.2.6-devscope: - version: -

Trust: 0.3

vendor:apachemodel:1.3.40-devscope:neversion: -

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.53

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:6.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.3

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:5.0.1

Trust: 0.3

vendor:avayamodel:messaging storage server mm3.0scope: - version: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.43

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j edition 6.0ascope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.47

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:6.10

Trust: 0.3

vendor:hpmodel:openview network node managerscope:eqversion:7.51

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.55

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:6.10

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope: - version: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.20

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:2.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.26

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprisescope:eqversion:8.0.0

Trust: 0.3

vendor:vmwaremodel:playerscope:eqversion:2.5.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.25

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.37

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2007.1

Trust: 0.3

vendor:hpmodel:openview network node managerscope:eqversion:7.53

Trust: 0.3

vendor:fujitsumodel:interstage application server standard editionscope:eqversion:5.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:6.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.14

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:6.10

Trust: 0.3

vendor:susemodel:linux ppcscope:eqversion:10.1

Trust: 0.3

vendor:ibmmodel:hardware management console for pseries r1.3scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.33

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.11

Trust: 0.3

vendor:redhatmodel:network proxy (for rhelscope:eqversion:4)4.2

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:susemodel:linux enterprise server sp1scope:eqversion:10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:8.1

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:nortelmodel:networks self-service speech serverscope:eqversion:0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:turbolinuxmodel:fujiscope:eqversion:0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2007.0

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:neversion:6.1.17

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.36

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:7.10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.1

Trust: 0.3

vendor:ibmmodel:hardware management console for iseries r1.3scope:eqversion:6.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:redhatmodel:application stack for enterprise linux asscope:eqversion:v14

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:redhatmodel:network satellite (for rhelscope:eqversion:3)4.2

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:turbolinuxmodel:appliance server workgroup editionscope:eqversion:1.0

Trust: 0.3

vendor:hpmodel:openview network node managerscope:eqversion:7.01

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.1

Trust: 0.3

vendor:redhatmodel:advanced workstation for the itanium processor ia64scope:eqversion:2.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.48

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.45

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.12

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:7.10

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.38

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:6.0

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47

Trust: 0.3

vendor:fujitsumodel:interstage application server web-j editionscope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:2.0.61-devscope: - version: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.46

Trust: 0.3

vendor:apachemodel:2.0.62-devscope:neversion: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:nortelmodel:networks self-service peri workstationscope:eqversion:0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:6.0

Trust: 0.3

vendor:vmwaremodel:acescope:eqversion:2.5.2

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:3.1

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.44

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.24

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:apachemodel:apachescope:neversion:2.0.63

Trust: 0.3

vendor:redhatmodel:enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.40

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:redhatmodel:application stack for enterprise linux esscope:eqversion:v14

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.23

Trust: 0.3

vendor:redhatmodel:network proxy (for rhelscope:eqversion:4)5.0

Trust: 0.3

vendor:s u s emodel:novell linux posscope:eqversion:9

Trust: 0.3

vendor:hpmodel:business availability centerscope:eqversion:8.01

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:2.1-1

Trust: 0.3

vendor:avayamodel:message networking mnscope:eqversion:3.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.39

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:0

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:fedorascope:eqversion:7

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.19

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.18

Trust: 0.3

vendor:vmwaremodel:acescope:eqversion:2.5.1

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:1.2

Trust: 0.3

vendor:avayamodel:ccsscope:eqversion:4.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.27

Trust: 0.3

vendor:s u s emodel:novell linux desktopscope:eqversion:9.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:7.10

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.2

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:network proxy (for rhelscope:eqversion:3)4.2

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:nortelmodel:networks self-service web centric ccxmlscope:eqversion: -

Trust: 0.3

vendor:nortelmodel:networks self service voicexmlscope:eqversion:0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.58

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.54

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:7.10

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.42

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:1.1-1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.3

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.37

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.52

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:sunmodel:solaris 9 sparcscope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.36

Trust: 0.3

vendor:susemodel:linuxscope:eqversion:10.1x86-64

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.32

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:7.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.41

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.4

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.29

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.6

Trust: 0.3

vendor:apachemodel:2.0.60-devscope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0.0x64

Trust: 0.3

vendor:nortelmodel:networks self-service media processing serverscope:eqversion:0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.17

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:apachemodel:apachescope:neversion:1.3.41

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:turbolinuxmodel:multimediascope: - version: -

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:1.3.31

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.0.59

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:7.04

Trust: 0.3

sources: BID: 27237 // JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513 // CNNVD: CNNVD-200801-095 // NVD: CVE-2007-6388

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-6388
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-6388
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2008-001513
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200801-095
value: MEDIUM

Trust: 0.6

VULMON: CVE-2007-6388
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-6388
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

IPA: JVNDB-2008-001513
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: VULMON: CVE-2007-6388 // JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513 // CNNVD: CNNVD-200801-095 // NVD: CVE-2007-6388

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 2.6

sources: JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513 // NVD: CVE-2007-6388

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-095

TYPE

xss

Trust: 1.1

sources: PACKETSTORM: 63262 // PACKETSTORM: 62719 // PACKETSTORM: 62721 // PACKETSTORM: 72120 // PACKETSTORM: 62634 // CNNVD: CNNVD-200801-095

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001001

PATCH

title:HS08-016url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-016/index.html

Trust: 1.6

title:Fixed in Apache httpd 1.3.41url:http://httpd.apache.org/security/vulnerabilities_13.html#1.3.41

Trust: 0.8

title:Fixed in Apache httpd 2.0.63url:http://httpd.apache.org/security/vulnerabilities_20.html#2.0.63

Trust: 0.8

title:Fixed in Apache httpd 2.2.8url:http://httpd.apache.org/security/vulnerabilities_22.html#2.2.8

Trust: 0.8

title:Security Update 2008-003url:http://support.apple.com/kb/HT1897

Trust: 0.8

title:Security Update 2008-002url:http://docs.info.apple.com/article.html?artnum=307562-en

Trust: 0.8

title:Security Update 2008-003url:http://support.apple.com/kb/HT1897?viewlocale=ja_JP

Trust: 0.8

title:Security Update 2008-002url:http://docs.info.apple.com/article.html?artnum=307562-ja

Trust: 0.8

title:httpd-2.2.3-11.3.1AXurl:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=94

Trust: 0.8

title:HPSBUX02313url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01364714

Trust: 0.8

title:HPSBUX02313url:http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02313.html

Trust: 0.8

title:4019245url:http://www-1.ibm.com/support/docview.wss?uid=swg24019245

Trust: 0.8

title:PK65782url:http://www-1.ibm.com/support/docview.wss?uid=swg1PK65782

Trust: 0.8

title:PK63273url:http://www-1.ibm.com/support/docview.wss?rs=0&context=SSEQTJ&uid=swg1PK63273&loc=en_US&cs=utf-8&cc=US&lang=all

Trust: 0.8

title:7007033url:http://www-1.ibm.com/support/docview.wss?uid=swg27007033#60227

Trust: 0.8

title:httpd (V3.0)url:http://www.miraclelinux.com/update/linux/list.php?errata_id=1224

Trust: 0.8

title:httpd (V4.0)url:http://www.miraclelinux.com/update/linux/list.php?errata_id=1221

Trust: 0.8

title:apache (V2.x)url:http://www.miraclelinux.com/update/linux/list.php?errata_id=1205

Trust: 0.8

title:Oracle Critical Patch Update Advisory - July 2013url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Trust: 0.8

title:Text Form of Oracle Critical Patch Update - July 2013 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html

Trust: 0.8

title:RHSA-2008:0004url:https://rhn.redhat.com/errata/RHSA-2008-0004.html

Trust: 0.8

title:RHSA-2008:0005url:https://rhn.redhat.com/errata/RHSA-2008-0005.html

Trust: 0.8

title:RHSA-2008:0006url:https://rhn.redhat.com/errata/RHSA-2008-0006.html

Trust: 0.8

title:RHSA-2008:0007url:https://rhn.redhat.com/errata/RHSA-2008-0007.html

Trust: 0.8

title:RHSA-2008:0008url:https://rhn.redhat.com/errata/RHSA-2008-0008.html

Trust: 0.8

title:July 2013 Critical Patch Update Releasedurl:https://blogs.oracle.com/security/entry/july_2013_critical_patch_update

Trust: 0.8

title:233623url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1

Trust: 0.8

title:TLSA-2008-5url:http://www.turbolinux.com/security/2008/TLSA-2008-5.txt

Trust: 0.8

title:interstage_as_200808url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200808.html

Trust: 0.8

title:HS08-016url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS08-016/index.html

Trust: 0.8

title:RHSA-2008:0005url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0005J.html

Trust: 0.8

title:RHSA-2008:0006url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0006J.html

Trust: 0.8

title:RHSA-2008:0008url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0008J.html

Trust: 0.8

title:RHSA-2008:0004url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0004J.html

Trust: 0.8

title:TLSA-2008-5url:http://www.turbolinux.co.jp/security/2008/TLSA-2008-5j.txt

Trust: 0.8

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-575-1

Trust: 0.1

title: - url:https://github.com/SecureAxom/strike

Trust: 0.1

sources: VULMON: CVE-2007-6388 // JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513

EXTERNAL IDS

db:NVDid:CVE-2007-6388

Trust: 4.5

db:BIDid:27237

Trust: 2.8

db:SECUNIAid:28471

Trust: 2.5

db:USCERTid:TA08-150A

Trust: 2.5

db:SECTRACKid:1019154

Trust: 2.5

db:SECUNIAid:29988

Trust: 1.7

db:SECUNIAid:28607

Trust: 1.7

db:SECUNIAid:28977

Trust: 1.7

db:SECUNIAid:30732

Trust: 1.7

db:SECUNIAid:30430

Trust: 1.7

db:SECUNIAid:29504

Trust: 1.7

db:SECUNIAid:28526

Trust: 1.7

db:SECUNIAid:29806

Trust: 1.7

db:SECUNIAid:33200

Trust: 1.7

db:SECUNIAid:28749

Trust: 1.7

db:SECUNIAid:28922

Trust: 1.7

db:SECUNIAid:30356

Trust: 1.7

db:SECUNIAid:29640

Trust: 1.7

db:SECUNIAid:32800

Trust: 1.7

db:SECUNIAid:31142

Trust: 1.7

db:SECUNIAid:29420

Trust: 1.7

db:SECUNIAid:28965

Trust: 1.7

db:SECUNIAid:28467

Trust: 1.7

db:SREASONid:3541

Trust: 1.7

db:VUPENid:ADV-2008-0809

Trust: 1.7

db:VUPENid:ADV-2008-0047

Trust: 1.7

db:VUPENid:ADV-2008-1623

Trust: 1.7

db:VUPENid:ADV-2008-1697

Trust: 1.7

db:VUPENid:ADV-2008-0554

Trust: 1.7

db:VUPENid:ADV-2008-0447

Trust: 1.7

db:VUPENid:ADV-2008-0924

Trust: 1.7

db:VUPENid:ADV-2008-1224

Trust: 1.7

db:VUPENid:ADV-2008-0986

Trust: 1.7

db:JVNDBid:JVNDB-2008-001513

Trust: 1.6

db:USCERTid:SA08-150A

Trust: 0.8

db:USCERTid:TA08-079A

Trust: 0.8

db:USCERTid:SA08-079A

Trust: 0.8

db:JVNDBid:JVNDB-2008-001001

Trust: 0.8

db:CNNVDid:CNNVD-200801-095

Trust: 0.6

db:VULMONid:CVE-2007-6388

Trust: 0.1

db:PACKETSTORMid:63262

Trust: 0.1

db:PACKETSTORMid:89987

Trust: 0.1

db:PACKETSTORMid:80533

Trust: 0.1

db:PACKETSTORMid:62719

Trust: 0.1

db:PACKETSTORMid:62721

Trust: 0.1

db:PACKETSTORMid:101257

Trust: 0.1

db:PACKETSTORMid:72120

Trust: 0.1

db:PACKETSTORMid:62634

Trust: 0.1

db:PACKETSTORMid:63601

Trust: 0.1

sources: VULMON: CVE-2007-6388 // BID: 27237 // JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513 // PACKETSTORM: 63262 // PACKETSTORM: 89987 // PACKETSTORM: 80533 // PACKETSTORM: 62719 // PACKETSTORM: 62721 // PACKETSTORM: 101257 // PACKETSTORM: 72120 // PACKETSTORM: 62634 // PACKETSTORM: 63601 // CNNVD: CNNVD-200801-095 // NVD: CVE-2007-6388

REFERENCES

url:http://www.securityfocus.com/bid/27237

Trust: 2.6

url:http://securitytracker.com/id?1019154

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta08-150a.html

Trust: 2.5

url:http://support.avaya.com/elmodocs2/security/asa-2008-032.htm

Trust: 2.0

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=689039

Trust: 2.0

url:http://www-1.ibm.com/support/docview.wss?uid=swg1pk62966

Trust: 2.0

url:http://www-1.ibm.com/support/docview.wss?uid=swg1pk63273

Trust: 2.0

url:http://www-1.ibm.com/support/docview.wss?uid=swg24019245

Trust: 2.0

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html

Trust: 2.0

url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388

Trust: 1.9

url:http://www.mandriva.com/security/advisories?name=mdvsa-2008:014

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2008:015

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0004.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0005.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0006.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0007.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0008.html

Trust: 1.7

url:http://secunia.com/advisories/28467

Trust: 1.7

url:http://secunia.com/advisories/28471

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2008:016

Trust: 1.7

url:http://secunia.com/advisories/28526

Trust: 1.7

url:http://secunia.com/advisories/28607

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-575-1

Trust: 1.7

url:http://secunia.com/advisories/28749

Trust: 1.7

url:http://www116.nortel.com/pub/repository/clarify/document/2008/05/023342-01.pdf

Trust: 1.7

url:http://secunia.com/advisories/28965

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00562.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00541.html

Trust: 1.7

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748

Trust: 1.7

url:http://secunia.com/advisories/28977

Trust: 1.7

url:http://secunia.com/advisories/28922

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1

Trust: 1.7

url:http://docs.info.apple.com/article.html?artnum=307562

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html

Trust: 1.7

url:http://secunia.com/advisories/29420

Trust: 1.7

url:http://www-1.ibm.com/support/search.wss?rs=0&q=pk59667&apar=only

Trust: 1.7

url:http://secunia.com/advisories/29504

Trust: 1.7

url:http://securityreason.com/securityalert/3541

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

Trust: 1.7

url:http://secunia.com/advisories/29640

Trust: 1.7

url:http://secunia.com/advisories/29806

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0009.html

Trust: 1.7

url:http://secunia.com/advisories/29988

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2008-0261.html

Trust: 1.7

url:http://secunia.com/advisories/30356

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2008//may/msg00001.html

Trust: 1.7

url:http://secunia.com/advisories/30430

Trust: 1.7

url:http://secunia.com/advisories/31142

Trust: 1.7

url:http://secunia.com/advisories/30732

Trust: 1.7

url:http://secunia.com/advisories/33200

Trust: 1.7

url:http://lists.vmware.com/pipermail/security-announce/2009/000062.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/1697

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0924/references

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0809/references

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0554

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0986/references

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0047

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/1224/references

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0447/references

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/1623/references

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=130497311408250&w=2

Trust: 1.7

url:http://secunia.com/advisories/32800

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39472

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10272

Trust: 1.7

url:http://www.securityfocus.com/archive/1/505990/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/498523/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/494428/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/488082/100/0/threaded

Trust: 1.7

url:http://httpd.apache.org/security/vulnerabilities_13.html

Trust: 1.5

url:http://httpd.apache.org/security/vulnerabilities_20.html

Trust: 1.5

url:http://httpd.apache.org/security/vulnerabilities_22.html

Trust: 1.5

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2007-6388

Trust: 0.9

url:http://www.frsirt.com/english/advisories/2008/0047

Trust: 0.8

url:http://jvn.jp/cert/jvnta08-079a/index.html

Trust: 0.8

url:http://jvn.jp/cert/jvnta08-150a/

Trust: 0.8

url:http://jvn.jp/tr/trta08-079a/index.html

Trust: 0.8

url:http://jvn.jp/tr/trta08-150a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6388

Trust: 0.8

url:http://secunia.com/advisories/28471/

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa08-079a.html

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa08-150a.html

Trust: 0.8

url:http://www.us-cert.gov/cas/techalerts/ta08-079a.html

Trust: 0.8

url:http://jvndb.jvn.jp/ja/contents/2008/jvndb-2008-001513.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6388

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2007-5000

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2008-0005

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_13.html

Trust: 0.6

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_22.html

Trust: 0.6

url:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_20.html

Trust: 0.6

url:https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.

Trust: 0.6

url:http://securityreason.com/achievement_securityalert/50

Trust: 0.4

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.4

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.4

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.4

url:http://httpd.apache.org/

Trust: 0.3

url:https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01607570&admit=109447627+1227181083938+28353475

Trust: 0.3

url: http://www.phptoys.com/product/micro-news.html

Trust: 0.3

url:https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110

Trust: 0.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1

Trust: 0.3

url:http://www.apache.org/dist/httpd/announcement1.3.html

Trust: 0.3

url:http://www.apache.org/dist/httpd/announcement2.0.html

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2008-026.htm

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2008-031.htm

Trust: 0.3

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01364714

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0004.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0005.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0006.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0007.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0008.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0261.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0263.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0523.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2008-0524.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-6422

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-6421

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2007-4465

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2006-3918

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2007-3847

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:https://www.hp.com/go/swa

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/575-1/

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2364

Trust: 0.1

url:http://support.openview.hp.com/support.jsp

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-6420

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2939

Trust: 0.1

url:http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm

Trust: 0.1

url:http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html

Trust: 0.1

url:http://www.vmware.com/support/player25/doc/releasenotes_player253.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-1863

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863

Trust: 0.1

url:http://www.vmware.com/download/ace/

Trust: 0.1

url:http://www.vmware.com/download/player/

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-3304

Trust: 0.1

url:http://www.vmware.com/download/ws/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0040

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304

Trust: 0.1

url:http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-5752

Trust: 0.1

url:http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle

Trust: 0.1

url:http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6421

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-4339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2002-0840

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3293

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2004-0492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-2937

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3292

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-4343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0010

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2003-0542

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-3747

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3291

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2002-0839

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-2940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-3357

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-3352

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2006-3738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2005-2491

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3095

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-1891

Trust: 0.1

url:http://itrc.hp.com

Trust: 0.1

url:http://httpd.apache.org/docs/2.0/mod/mod_status.html

Trust: 0.1

url:http://securityreason.com/key/sp3x.gpg

Trust: 0.1

url:http://www.securityfocus.com/archive/1/450418

Trust: 0.1

url:http://securityreason.com

Trust: 0.1

url:http://httpd.apache.org

Trust: 0.1

sources: VULMON: CVE-2007-6388 // BID: 27237 // JVNDB: JVNDB-2008-001001 // JVNDB: JVNDB-2008-001513 // PACKETSTORM: 63262 // PACKETSTORM: 89987 // PACKETSTORM: 80533 // PACKETSTORM: 62719 // PACKETSTORM: 62721 // PACKETSTORM: 101257 // PACKETSTORM: 72120 // PACKETSTORM: 62634 // PACKETSTORM: 63601 // CNNVD: CNNVD-200801-095 // NVD: CVE-2007-6388

CREDITS

sp3x is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 27237 // CNNVD: CNNVD-200801-095

SOURCES

db:VULMONid:CVE-2007-6388
db:BIDid:27237
db:JVNDBid:JVNDB-2008-001001
db:JVNDBid:JVNDB-2008-001513
db:PACKETSTORMid:63262
db:PACKETSTORMid:89987
db:PACKETSTORMid:80533
db:PACKETSTORMid:62719
db:PACKETSTORMid:62721
db:PACKETSTORMid:101257
db:PACKETSTORMid:72120
db:PACKETSTORMid:62634
db:PACKETSTORMid:63601
db:CNNVDid:CNNVD-200801-095
db:NVDid:CVE-2007-6388

LAST UPDATE DATE

2024-11-07T19:31:29.378000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2007-6388date:2021-06-06T00:00:00
db:BIDid:27237date:2015-04-13T21:21:00
db:JVNDBid:JVNDB-2008-001001date:2014-05-21T00:00:00
db:JVNDBid:JVNDB-2008-001513date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-200801-095date:2021-06-07T00:00:00
db:NVDid:CVE-2007-6388date:2024-02-02T16:16:50.433

SOURCES RELEASE DATE

db:VULMONid:CVE-2007-6388date:2008-01-08T00:00:00
db:BIDid:27237date:2008-01-10T00:00:00
db:JVNDBid:JVNDB-2008-001001date:2008-01-22T00:00:00
db:JVNDBid:JVNDB-2008-001513date:2008-07-30T00:00:00
db:PACKETSTORMid:63262date:2008-02-05T00:41:56
db:PACKETSTORMid:89987date:2010-05-27T05:11:37
db:PACKETSTORMid:80533date:2009-08-23T16:31:17
db:PACKETSTORMid:62719date:2008-01-17T05:56:17
db:PACKETSTORMid:62721date:2008-01-17T05:59:17
db:PACKETSTORMid:101257date:2011-05-10T00:45:11
db:PACKETSTORMid:72120date:2008-11-20T19:21:09
db:PACKETSTORMid:62634date:2008-01-15T20:26:59
db:PACKETSTORMid:63601date:2008-02-13T22:27:37
db:CNNVDid:CNNVD-200801-095date:2008-01-08T00:00:00
db:NVDid:CVE-2007-6388date:2008-01-08T18:46:00