Sign-up

ID

VAR-201003-1105


CVE

CVE-2010-0434


TITLE

Apache mod_isapi module library unload results in orphaned callback pointers

Trust: 0.8

sources: CERT/CC: VU#280613

DESCRIPTION

The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request. The Apache mod_isapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been deleted from the memory. If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.An attacker may gain access to the data that have been deleted from the memory. Apache is prone to an information-disclosure vulnerability. Attackers can leverage this issue to gain access to sensitive information; attacks may also result in denial-of-service conditions. Apache versions prior to 2.2.15 are affected. NOTE: This issue was previously described in BID 38494 (Apache Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://svn.apache.org/viewvc?view=revision&revision=917867 http://httpd.apache.org/security/vulnerabilities_22.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 23ff92149bae266e77a0dee41145e112 2008.0/i586/apache-base-2.2.6-8.5mdv2008.0.i586.rpm ddad03b1e60dc5ce8e7c9153ab37d45f 2008.0/i586/apache-devel-2.2.6-8.5mdv2008.0.i586.rpm a9285879e43c043e0f34cc78fc5258e4 2008.0/i586/apache-htcacheclean-2.2.6-8.5mdv2008.0.i586.rpm 9c78955e8d90fc50c11ccc586de3b6b0 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.i586.rpm 29152b393906d4092b002ad7f7fff4e5 2008.0/i586/apache-mod_cache-2.2.6-8.5mdv2008.0.i586.rpm 342b3554786301fb899c0d0643b9dd1f 2008.0/i586/apache-mod_dav-2.2.6-8.5mdv2008.0.i586.rpm 0af08060fc4d5c4cbc0ee3639471c89c 2008.0/i586/apache-mod_dbd-2.2.6-8.5mdv2008.0.i586.rpm 14be61e0738caf12de78792daf35442b 2008.0/i586/apache-mod_deflate-2.2.6-8.5mdv2008.0.i586.rpm de7a4078972db4b946a7005d294028fd 2008.0/i586/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.i586.rpm 69aea451cea5fdfa8dce6df94e8131de 2008.0/i586/apache-mod_file_cache-2.2.6-8.5mdv2008.0.i586.rpm 0ec3642c409cbeffc75a4295fbc1d765 2008.0/i586/apache-mod_ldap-2.2.6-8.5mdv2008.0.i586.rpm 1e16a623413c47da5bc2a57a3d839931 2008.0/i586/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.i586.rpm 54322826b45c5ac77c209f33923c25b5 2008.0/i586/apache-mod_proxy-2.2.6-8.5mdv2008.0.i586.rpm 8f6593751c159dac22d92dcc362fcc68 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.i586.rpm 74c5f10e73350e8dd9eb91292fbf6710 2008.0/i586/apache-mod_ssl-2.2.6-8.5mdv2008.0.i586.rpm df03dd3122074164ab2207df1b3906f7 2008.0/i586/apache-modules-2.2.6-8.5mdv2008.0.i586.rpm 7239241849577e927dee2ec82a002380 2008.0/i586/apache-mod_userdir-2.2.6-8.5mdv2008.0.i586.rpm 5abbfef70091199964222cd403e0568f 2008.0/i586/apache-mpm-event-2.2.6-8.5mdv2008.0.i586.rpm e8baea47b9696f38cd65bb559c9ef463 2008.0/i586/apache-mpm-itk-2.2.6-8.5mdv2008.0.i586.rpm 6f2594f741cc54926d001954794fcfb3 2008.0/i586/apache-mpm-prefork-2.2.6-8.5mdv2008.0.i586.rpm 6954839d001c2955b01c1e03cbeec01d 2008.0/i586/apache-mpm-worker-2.2.6-8.5mdv2008.0.i586.rpm 482ad712e30a79f684f085fb43e93879 2008.0/i586/apache-source-2.2.6-8.5mdv2008.0.i586.rpm 90d942cb17fff4eec4eb1dc7920b0f1c 2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 29c5a43bbf3ad019e438c4024b15106f 2008.0/x86_64/apache-base-2.2.6-8.5mdv2008.0.x86_64.rpm 563da7a13d54748afc8cfa7255a8bb74 2008.0/x86_64/apache-devel-2.2.6-8.5mdv2008.0.x86_64.rpm 2f1ec678f8969edd1927fcb6098f2e45 2008.0/x86_64/apache-htcacheclean-2.2.6-8.5mdv2008.0.x86_64.rpm b7b89b683f672d30c2a072ab07da14cd 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm 924947249cf409c411c26de5d38841b3 2008.0/x86_64/apache-mod_cache-2.2.6-8.5mdv2008.0.x86_64.rpm fd976a7abea8a0d98afebfda596fb9e4 2008.0/x86_64/apache-mod_dav-2.2.6-8.5mdv2008.0.x86_64.rpm 0db499e7bd1530a5f61b01b75c162575 2008.0/x86_64/apache-mod_dbd-2.2.6-8.5mdv2008.0.x86_64.rpm a271f98bfd9fee474fd8ed6e32e7a4fd 2008.0/x86_64/apache-mod_deflate-2.2.6-8.5mdv2008.0.x86_64.rpm 9fa3c1ff2f71bdb4babd8a1ae05722ca 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.5mdv2008.0.x86_64.rpm fff28aa3fd1952d2d8b679e376020610 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.5mdv2008.0.x86_64.rpm d120a3b1941e24e3bf0404f09ca2bcc8 2008.0/x86_64/apache-mod_ldap-2.2.6-8.5mdv2008.0.x86_64.rpm eb4347aa9035aa0fe6b5026c7da10d46 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.5mdv2008.0.x86_64.rpm 4767ac49d8d2e32fae207fe0a2313ca3 2008.0/x86_64/apache-mod_proxy-2.2.6-8.5mdv2008.0.x86_64.rpm e3d0ffa255bbbccb59fda7a1282d7179 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.5mdv2008.0.x86_64.rpm 79fa1a0825bbbbcc4e72769b4520f8d3 2008.0/x86_64/apache-mod_ssl-2.2.6-8.5mdv2008.0.x86_64.rpm 70bf17490d2de9e961abcda95152f807 2008.0/x86_64/apache-modules-2.2.6-8.5mdv2008.0.x86_64.rpm a348607d816b11b0487c2e05e457a996 2008.0/x86_64/apache-mod_userdir-2.2.6-8.5mdv2008.0.x86_64.rpm 5cbfcc0a67b065e3e67e7e15f06d75ec 2008.0/x86_64/apache-mpm-event-2.2.6-8.5mdv2008.0.x86_64.rpm 4bc19735725da81eded3324c07a9a093 2008.0/x86_64/apache-mpm-itk-2.2.6-8.5mdv2008.0.x86_64.rpm 5547176fa7f2c19ba95f4ac8884bb4c7 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.5mdv2008.0.x86_64.rpm 02ff8d0c41101e3098cee705a8201575 2008.0/x86_64/apache-mpm-worker-2.2.6-8.5mdv2008.0.x86_64.rpm f2bd828f8d60254eddeda242bd7696b0 2008.0/x86_64/apache-source-2.2.6-8.5mdv2008.0.x86_64.rpm 90d942cb17fff4eec4eb1dc7920b0f1c 2008.0/SRPMS/apache-2.2.6-8.5mdv2008.0.src.rpm Mandriva Linux 2009.0: 34551cae6c61ac433ffff6fa46c7cd59 2009.0/i586/apache-base-2.2.9-12.9mdv2009.0.i586.rpm 25481b74180228902d00080d9bfc226f 2009.0/i586/apache-devel-2.2.9-12.9mdv2009.0.i586.rpm 7281a4912ddac9696b7cd416f73ed281 2009.0/i586/apache-htcacheclean-2.2.9-12.9mdv2009.0.i586.rpm bd94ed481bd5a3e16818d40dd1dbcf3a 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.i586.rpm 3bb0ef08152e50a234daa555de7d4856 2009.0/i586/apache-mod_cache-2.2.9-12.9mdv2009.0.i586.rpm 5c0e6e70401c79e8a4842ad156d0b93e 2009.0/i586/apache-mod_dav-2.2.9-12.9mdv2009.0.i586.rpm 03eceff53b048314e6fb8fd3cb30cd2b 2009.0/i586/apache-mod_dbd-2.2.9-12.9mdv2009.0.i586.rpm ba8bf1747c9e2f7ec2bf33eb1e008787 2009.0/i586/apache-mod_deflate-2.2.9-12.9mdv2009.0.i586.rpm ff5778fa39d86582aed31af480a72475 2009.0/i586/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.i586.rpm a78f8625e78c6d9042ea5f2fedc48bbc 2009.0/i586/apache-mod_file_cache-2.2.9-12.9mdv2009.0.i586.rpm 96abb0973a1636bdaa35b2c0e21c0f47 2009.0/i586/apache-mod_ldap-2.2.9-12.9mdv2009.0.i586.rpm 7b79b764bcd1682fbcd2bb7609379fa6 2009.0/i586/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.i586.rpm a5d2a7bf906c9fa43ee427557107c628 2009.0/i586/apache-mod_proxy-2.2.9-12.9mdv2009.0.i586.rpm 12bca18d0968c38d832c26689f394d4f 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.i586.rpm c3fa31437a6c7d2af1a8693941b2e4ea 2009.0/i586/apache-mod_ssl-2.2.9-12.9mdv2009.0.i586.rpm dccfc75d97f49c9bb4a31f64165fbc07 2009.0/i586/apache-modules-2.2.9-12.9mdv2009.0.i586.rpm 9b6e98c2d490ad471d7efbeb9b6f1882 2009.0/i586/apache-mod_userdir-2.2.9-12.9mdv2009.0.i586.rpm 72f53c32446474225c5d789446ff31be 2009.0/i586/apache-mpm-event-2.2.9-12.9mdv2009.0.i586.rpm 0a8bef467fc6ce9dcfb019934e400ddf 2009.0/i586/apache-mpm-itk-2.2.9-12.9mdv2009.0.i586.rpm 61fbfbb3a81996278e1ecc8ecb3bbea0 2009.0/i586/apache-mpm-peruser-2.2.9-12.9mdv2009.0.i586.rpm f97488bf62a402de4e069f099d19b946 2009.0/i586/apache-mpm-prefork-2.2.9-12.9mdv2009.0.i586.rpm 3d6a60af5f36580c1d408b776e38d7cb 2009.0/i586/apache-mpm-worker-2.2.9-12.9mdv2009.0.i586.rpm 1541f5510800ca16d411cc108d2f04e7 2009.0/i586/apache-source-2.2.9-12.9mdv2009.0.i586.rpm 90dbf41f264a031f26978b06eb61e3eb 2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3c46373187c18fc2120d6d8a06fbe800 2009.0/x86_64/apache-base-2.2.9-12.9mdv2009.0.x86_64.rpm 3a8b3154ec8a6a6d5157e369c82921fe 2009.0/x86_64/apache-devel-2.2.9-12.9mdv2009.0.x86_64.rpm 8632d86e56b89dbfd78728dec530313b 2009.0/x86_64/apache-htcacheclean-2.2.9-12.9mdv2009.0.x86_64.rpm e45065f760280c82ca41b39fab3af500 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm 7821495e78ea828b124feca1d0b5e3a4 2009.0/x86_64/apache-mod_cache-2.2.9-12.9mdv2009.0.x86_64.rpm ff24ea3ce6b79f27df1da57004b6b419 2009.0/x86_64/apache-mod_dav-2.2.9-12.9mdv2009.0.x86_64.rpm 812b0343ea5cbdce80b615aaaaa7b3d0 2009.0/x86_64/apache-mod_dbd-2.2.9-12.9mdv2009.0.x86_64.rpm 07f63e1efda4a8656fe4ce93c285c56f 2009.0/x86_64/apache-mod_deflate-2.2.9-12.9mdv2009.0.x86_64.rpm bec9164a4b906c91e8ce791d2a673475 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.9mdv2009.0.x86_64.rpm 5dec095d50fefc94ca3667ca5905c1de 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.9mdv2009.0.x86_64.rpm e06416e1c8f4b86d7bc9a2bf09d3aa47 2009.0/x86_64/apache-mod_ldap-2.2.9-12.9mdv2009.0.x86_64.rpm 985ed3db05aab9093c6c739849a8f303 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.9mdv2009.0.x86_64.rpm f02c944bd14fef95f0528413be37d793 2009.0/x86_64/apache-mod_proxy-2.2.9-12.9mdv2009.0.x86_64.rpm 016eebea88ddf78fe9d9310de6f8b110 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdv2009.0.x86_64.rpm 423a7dfdee11cc5685650a9e361d560a 2009.0/x86_64/apache-mod_ssl-2.2.9-12.9mdv2009.0.x86_64.rpm 3c513f39f64b52c48a7b3f9d6dbeca06 2009.0/x86_64/apache-modules-2.2.9-12.9mdv2009.0.x86_64.rpm c53cf2be3d49a43486f11d910d153993 2009.0/x86_64/apache-mod_userdir-2.2.9-12.9mdv2009.0.x86_64.rpm 68e8876c7ae3754d6e9130ad1a6df508 2009.0/x86_64/apache-mpm-event-2.2.9-12.9mdv2009.0.x86_64.rpm 0e21625ac42276652db827a225e4946a 2009.0/x86_64/apache-mpm-itk-2.2.9-12.9mdv2009.0.x86_64.rpm 31d61231859949f0c3202892cab66070 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.9mdv2009.0.x86_64.rpm 2d7faa63bb78578104a13d7cba7ff7f6 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.9mdv2009.0.x86_64.rpm f200e178f3335664205a57c47e55a158 2009.0/x86_64/apache-mpm-worker-2.2.9-12.9mdv2009.0.x86_64.rpm 28d29f445b09a9f04ca95c55defa73b3 2009.0/x86_64/apache-source-2.2.9-12.9mdv2009.0.x86_64.rpm 90dbf41f264a031f26978b06eb61e3eb 2009.0/SRPMS/apache-2.2.9-12.9mdv2009.0.src.rpm Mandriva Linux 2009.1: 75e56f4bed0e6e528154d10f6f31e0d2 2009.1/i586/apache-base-2.2.11-10.9mdv2009.1.i586.rpm 817e9bebbc2d720ce3fb4eac3e29e331 2009.1/i586/apache-devel-2.2.11-10.9mdv2009.1.i586.rpm 53195802184e37ee1f0a264d50d6cfd9 2009.1/i586/apache-htcacheclean-2.2.11-10.9mdv2009.1.i586.rpm f739e9b0a5d4c9040666aff71b2a4de8 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.i586.rpm ae55b8790089b2cd848158a5c82403b4 2009.1/i586/apache-mod_cache-2.2.11-10.9mdv2009.1.i586.rpm 40032b4ff396c906597ea2f091d0a82c 2009.1/i586/apache-mod_dav-2.2.11-10.9mdv2009.1.i586.rpm e9bfce9f9965db9befc0bbc7a879e873 2009.1/i586/apache-mod_dbd-2.2.11-10.9mdv2009.1.i586.rpm 247901cb194b62dcc07542a6da3b057e 2009.1/i586/apache-mod_deflate-2.2.11-10.9mdv2009.1.i586.rpm 5f77ece73f84e29d4f11fab5a6efc0ff 2009.1/i586/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.i586.rpm 39bcb1885f9d8352ad9af136aeebe226 2009.1/i586/apache-mod_file_cache-2.2.11-10.9mdv2009.1.i586.rpm 233d3224ba30cc7833503c96a7c145ce 2009.1/i586/apache-mod_ldap-2.2.11-10.9mdv2009.1.i586.rpm a210e9f35669c26ad59cee64d8cede3a 2009.1/i586/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.i586.rpm 7e99a85386b813662559d82225450280 2009.1/i586/apache-mod_proxy-2.2.11-10.9mdv2009.1.i586.rpm 318c104ac5f737f8becc5e6e27dc7d92 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.i586.rpm 1634649022f993cbe2faeb47aa11efb6 2009.1/i586/apache-mod_ssl-2.2.11-10.9mdv2009.1.i586.rpm bd0b651dfb0fbfed27e68839d87b1e8f 2009.1/i586/apache-modules-2.2.11-10.9mdv2009.1.i586.rpm 2ec040a5a19ff5087dd63676dcd4d7d3 2009.1/i586/apache-mod_userdir-2.2.11-10.9mdv2009.1.i586.rpm 23f71dca2412d3d4c9f19636c6724788 2009.1/i586/apache-mpm-event-2.2.11-10.9mdv2009.1.i586.rpm e783f4497a37196cedb06ebf48e5cf88 2009.1/i586/apache-mpm-itk-2.2.11-10.9mdv2009.1.i586.rpm 69a26c4225a64cd01fead3037dfdb460 2009.1/i586/apache-mpm-peruser-2.2.11-10.9mdv2009.1.i586.rpm 9a6711b33371ada3cca710e3d077072f 2009.1/i586/apache-mpm-prefork-2.2.11-10.9mdv2009.1.i586.rpm bf8a0a578d905c83e6fb21652cf2efa8 2009.1/i586/apache-mpm-worker-2.2.11-10.9mdv2009.1.i586.rpm 27fd547651fa32ddaf2a49595f1cda94 2009.1/i586/apache-source-2.2.11-10.9mdv2009.1.i586.rpm 86177bd1b2993d442a45de0057ba3371 2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: b7493b7c24c69bd4d5d46d68015c1954 2009.1/x86_64/apache-base-2.2.11-10.9mdv2009.1.x86_64.rpm e03c8ac80281ac777d47175b5eefca80 2009.1/x86_64/apache-devel-2.2.11-10.9mdv2009.1.x86_64.rpm 39286b02f42bc078fba50b7ea2d35b53 2009.1/x86_64/apache-htcacheclean-2.2.11-10.9mdv2009.1.x86_64.rpm 198fcc2117c9d576d2d4b5fee6c43ca7 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm f49b0c5819625b44f201f0a35387ce50 2009.1/x86_64/apache-mod_cache-2.2.11-10.9mdv2009.1.x86_64.rpm 330eb48ed00ec971568b367bab7fc1b9 2009.1/x86_64/apache-mod_dav-2.2.11-10.9mdv2009.1.x86_64.rpm 4300c5bacef317a49a2a8ef443ad6a75 2009.1/x86_64/apache-mod_dbd-2.2.11-10.9mdv2009.1.x86_64.rpm 3a72f1c99806427d4485f246657a0bfa 2009.1/x86_64/apache-mod_deflate-2.2.11-10.9mdv2009.1.x86_64.rpm b506f65c8e4f0c0f82907a958cba9dbf 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.9mdv2009.1.x86_64.rpm a778167079f5510f54d896951bf5414e 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.9mdv2009.1.x86_64.rpm efe84333004b0c1e1c1c24d05c63bc4f 2009.1/x86_64/apache-mod_ldap-2.2.11-10.9mdv2009.1.x86_64.rpm 9831767144c303e8035b72148c19acee 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.9mdv2009.1.x86_64.rpm 77d892f2a3f4fe750e335fcd77abed27 2009.1/x86_64/apache-mod_proxy-2.2.11-10.9mdv2009.1.x86_64.rpm 4be9610034ecc78e9c5f92f076cecbbe 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.9mdv2009.1.x86_64.rpm fa6ee038a22d7721936f4489caf9b74f 2009.1/x86_64/apache-mod_ssl-2.2.11-10.9mdv2009.1.x86_64.rpm a3ec6755a5f1642a8afc92477da13ccc 2009.1/x86_64/apache-modules-2.2.11-10.9mdv2009.1.x86_64.rpm 1ee56400bf6828c81bbea38a2d66c5cc 2009.1/x86_64/apache-mod_userdir-2.2.11-10.9mdv2009.1.x86_64.rpm df6155156b5896890dd47f72396f7624 2009.1/x86_64/apache-mpm-event-2.2.11-10.9mdv2009.1.x86_64.rpm 3c1d3f889db936fe85f2cb0a57d91470 2009.1/x86_64/apache-mpm-itk-2.2.11-10.9mdv2009.1.x86_64.rpm ce9c8d4886ba96907c878650226dc759 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.9mdv2009.1.x86_64.rpm 85683f5c477867c69a8bfd1d4d32f800 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.9mdv2009.1.x86_64.rpm 684902be8e369ddc9c2baefd83f37841 2009.1/x86_64/apache-mpm-worker-2.2.11-10.9mdv2009.1.x86_64.rpm c3247495ef79977074487ed254b9fc70 2009.1/x86_64/apache-source-2.2.11-10.9mdv2009.1.x86_64.rpm 86177bd1b2993d442a45de0057ba3371 2009.1/SRPMS/apache-2.2.11-10.9mdv2009.1.src.rpm Mandriva Linux 2010.0: e9927cf16ed8828131df85685f290708 2010.0/i586/apache-base-2.2.14-1.4mdv2010.0.i586.rpm b781078582f12f11ce00a2a771729a12 2010.0/i586/apache-devel-2.2.14-1.4mdv2010.0.i586.rpm 8b2b02fe15ab2674182bb36e92d5d6bb 2010.0/i586/apache-htcacheclean-2.2.14-1.4mdv2010.0.i586.rpm e3117be319f6007c1e32175dab3dd269 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.i586.rpm 2e140e4a25f125845e5303f613182728 2010.0/i586/apache-mod_cache-2.2.14-1.4mdv2010.0.i586.rpm 65ab42342f5ac48ca1ef81f3a1d484c6 2010.0/i586/apache-mod_dav-2.2.14-1.4mdv2010.0.i586.rpm 7dbd27994acad24b4da011a5225754a8 2010.0/i586/apache-mod_dbd-2.2.14-1.4mdv2010.0.i586.rpm 3e0312e8616b2a93c3ded9d0e98d3e01 2010.0/i586/apache-mod_deflate-2.2.14-1.4mdv2010.0.i586.rpm 1ea13c809fd1e85f8b6ff4e73811207f 2010.0/i586/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.i586.rpm eb675bb1bb1e562335295e01ed84409d 2010.0/i586/apache-mod_file_cache-2.2.14-1.4mdv2010.0.i586.rpm 9bafae0ca87da81fb45b9f9f20c56472 2010.0/i586/apache-mod_ldap-2.2.14-1.4mdv2010.0.i586.rpm 594b51bbcbce61750bb084113a35f5d0 2010.0/i586/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.i586.rpm a2cbbe7507ea6cbeb565eb5bd6e58499 2010.0/i586/apache-mod_proxy-2.2.14-1.4mdv2010.0.i586.rpm 9f05ff1033b165af62c43625e2f2248d 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.i586.rpm 5ee996ba6e070f6ce9a2ad96c38d1579 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.i586.rpm d77c2d33a0acb0621ae01236a9bd2ea8 2010.0/i586/apache-mod_ssl-2.2.14-1.4mdv2010.0.i586.rpm cc394176445ec7e29e7058135e0d16a5 2010.0/i586/apache-modules-2.2.14-1.4mdv2010.0.i586.rpm d66e24d8bd336f344d69e5ab0e2ed665 2010.0/i586/apache-mod_userdir-2.2.14-1.4mdv2010.0.i586.rpm 4ae88b5189af8e2788261c0e8c44183e 2010.0/i586/apache-mpm-event-2.2.14-1.4mdv2010.0.i586.rpm 436cee9cce6eec793421daf8a36166f8 2010.0/i586/apache-mpm-itk-2.2.14-1.4mdv2010.0.i586.rpm 86708b2499826cca8bb771a90181f299 2010.0/i586/apache-mpm-peruser-2.2.14-1.4mdv2010.0.i586.rpm d087904ee7871d5870fa8863e14d79eb 2010.0/i586/apache-mpm-prefork-2.2.14-1.4mdv2010.0.i586.rpm 5a09521d5d7c3051f3036c734315d7c6 2010.0/i586/apache-mpm-worker-2.2.14-1.4mdv2010.0.i586.rpm 4e4674ec021b6f049694d945d2da8362 2010.0/i586/apache-source-2.2.14-1.4mdv2010.0.i586.rpm e94893f474b2777db10de23fdab07e99 2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 3a9b16453f85ba791b755c70880f4bb6 2010.0/x86_64/apache-base-2.2.14-1.4mdv2010.0.x86_64.rpm 4a8f74864d709908d9a4e37371a55015 2010.0/x86_64/apache-devel-2.2.14-1.4mdv2010.0.x86_64.rpm 68c08f5e75e65d8a1ee46a487a145ad1 2010.0/x86_64/apache-htcacheclean-2.2.14-1.4mdv2010.0.x86_64.rpm b16c9e431c3a150fd711dc2563c1124c 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm 7ab650ea5dfcf70692b7309b6755946e 2010.0/x86_64/apache-mod_cache-2.2.14-1.4mdv2010.0.x86_64.rpm 47d19ce5b7e26832f48e2ba8416dedfb 2010.0/x86_64/apache-mod_dav-2.2.14-1.4mdv2010.0.x86_64.rpm fd4ef2c9ae898cbffd1416037f92c5ae 2010.0/x86_64/apache-mod_dbd-2.2.14-1.4mdv2010.0.x86_64.rpm 80fa6fa1a47561803bbf77ec9910afd8 2010.0/x86_64/apache-mod_deflate-2.2.14-1.4mdv2010.0.x86_64.rpm e3320d59d9ea09562a56dbb4f88222ee 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.4mdv2010.0.x86_64.rpm 4234449b5ae220e69d7ba010bad00ba6 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.4mdv2010.0.x86_64.rpm b420809b9fb623d8b553208724004367 2010.0/x86_64/apache-mod_ldap-2.2.14-1.4mdv2010.0.x86_64.rpm 51a6156b7a3610cafaebe0e5ea7c9782 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.4mdv2010.0.x86_64.rpm e13d2cea8bdb4c6d962094e7d284ac30 2010.0/x86_64/apache-mod_proxy-2.2.14-1.4mdv2010.0.x86_64.rpm 95932094d507bf5b41b582b554deff2c 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.4mdv2010.0.x86_64.rpm c68f9ba9d1a7917afff7a317712b098a 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.4mdv2010.0.x86_64.rpm 370de7fb272511910ad0a8278e8e65f3 2010.0/x86_64/apache-mod_ssl-2.2.14-1.4mdv2010.0.x86_64.rpm 9a6a05d650d0947afa1a6a3645f11371 2010.0/x86_64/apache-modules-2.2.14-1.4mdv2010.0.x86_64.rpm e9b8d38fa9f94fa840c5a781c90ed412 2010.0/x86_64/apache-mod_userdir-2.2.14-1.4mdv2010.0.x86_64.rpm 3f3476045c8b28c7bfd65f496d3f24c9 2010.0/x86_64/apache-mpm-event-2.2.14-1.4mdv2010.0.x86_64.rpm 07539efe82ed475c622541c162771a27 2010.0/x86_64/apache-mpm-itk-2.2.14-1.4mdv2010.0.x86_64.rpm 74d7fd8b49f996061b375c155f1f1630 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.4mdv2010.0.x86_64.rpm f88aefd516b55db68839efc32af91073 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.4mdv2010.0.x86_64.rpm 4356cebc14ee955781b48b51bed98016 2010.0/x86_64/apache-mpm-worker-2.2.14-1.4mdv2010.0.x86_64.rpm f88857e7a76c59196a3736b665d94080 2010.0/x86_64/apache-source-2.2.14-1.4mdv2010.0.x86_64.rpm e94893f474b2777db10de23fdab07e99 2010.0/SRPMS/apache-2.2.14-1.4mdv2010.0.src.rpm Corporate 4.0: 668c6d9467773b4482233a474a7d792e corporate/4.0/i586/apache-base-2.2.3-1.11.20060mlcs4.i586.rpm eaf9c8c593b700877d7d833f06056fe1 corporate/4.0/i586/apache-devel-2.2.3-1.11.20060mlcs4.i586.rpm 2b29abe3f2a0b774492bac9c249aca0a corporate/4.0/i586/apache-htcacheclean-2.2.3-1.11.20060mlcs4.i586.rpm c70b3d5dd5111bdfa001cbff301f6c41 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.i586.rpm 7906cc2799e66bdf2fc48be55926fe98 corporate/4.0/i586/apache-mod_cache-2.2.3-1.11.20060mlcs4.i586.rpm ee55e3d1a8e6263726caa85db1bb570f corporate/4.0/i586/apache-mod_dav-2.2.3-1.11.20060mlcs4.i586.rpm d36275603d7c7eec7f593f8a7668b58c corporate/4.0/i586/apache-mod_dbd-2.2.3-1.11.20060mlcs4.i586.rpm 10eb8dac17e94a340167d142eb2e83fd corporate/4.0/i586/apache-mod_deflate-2.2.3-1.11.20060mlcs4.i586.rpm 9c70e39afb80762e7b668cea550ed67a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.i586.rpm 196433f929fe1198e3e760b7f1c92767 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.i586.rpm 3303a316fa6f7f7bcfc57361a2ca7941 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.11.20060mlcs4.i586.rpm a0d6f7df0f8654cf96e11a411ec61c79 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.i586.rpm 75f4397b7f0fdf966c160f8d8d088396 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.11.20060mlcs4.i586.rpm 2e20cfa63e8e6cef8c32db70a9bc9800 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.i586.rpm e0c7446fff348dda594a07324a1d11aa corporate/4.0/i586/apache-mod_ssl-2.2.3-1.11.20060mlcs4.i586.rpm d4c567cc1987747a48885a9b1f980a9e corporate/4.0/i586/apache-modules-2.2.3-1.11.20060mlcs4.i586.rpm 855a41782047ee044f9a21f6071d86f1 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.11.20060mlcs4.i586.rpm 08847dbd61763241c5a324a4968f8062 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.i586.rpm 9d8564218ed1e042aee73935b849346f corporate/4.0/i586/apache-mpm-worker-2.2.3-1.11.20060mlcs4.i586.rpm 65fdccb338608a8db640aacbaa05ff61 corporate/4.0/i586/apache-source-2.2.3-1.11.20060mlcs4.i586.rpm 09933b8326a89a171a12808354acd8cf corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm Corporate 4.0/X86_64: f52950591695b1acf0a623ca6c3d25a7 corporate/4.0/x86_64/apache-base-2.2.3-1.11.20060mlcs4.x86_64.rpm 9a37c7ce2aee7130bd13ce7458868065 corporate/4.0/x86_64/apache-devel-2.2.3-1.11.20060mlcs4.x86_64.rpm 7aa953fcdecb937530a2ef6a0b945867 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.11.20060mlcs4.x86_64.rpm 9a0a976e094b004eb5bca13ac47d14c9 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm bf78b0f1dc8c99908dba3fab47c51aa8 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm 0b6652d44db18642e0a26a675ccae2d2 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.11.20060mlcs4.x86_64.rpm 46b638e9045512672b62bff8d2996406 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.11.20060mlcs4.x86_64.rpm b8b71e3dcf4745a20ef0294342b2ea18 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.11.20060mlcs4.x86_64.rpm a97ba505ddeb185bcf9900def4151f33 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm e0ad4578f1fa0aa35ff3228d48bc6ddd corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm ed8221c22f6c1aa8f7122b41e3590b2b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.11.20060mlcs4.x86_64.rpm b9f9d4c8a9c05601e535b274d4d2925d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.11.20060mlcs4.x86_64.rpm b54558074746ad5ded4dfb8b1f98bed3 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.11.20060mlcs4.x86_64.rpm f22fd7036529b6e989ce15a064decda7 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.11.20060mlcs4.x86_64.rpm 6a1aa90a04d512268ebec80efe8c6604 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.11.20060mlcs4.x86_64.rpm 0abaf16c45ddc32a74af0a0197ee516e corporate/4.0/x86_64/apache-modules-2.2.3-1.11.20060mlcs4.x86_64.rpm 6bf9fb8cbea2382ee4599cc564cf616b corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.11.20060mlcs4.x86_64.rpm e1c5c7edde8868cfa9c50048c73cdfde corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.11.20060mlcs4.x86_64.rpm aed1f4d44d52e7c57ab5b2315d1eb5de corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.11.20060mlcs4.x86_64.rpm 79e7e8cbabd87b695079d17ea87a8f22 corporate/4.0/x86_64/apache-source-2.2.3-1.11.20060mlcs4.x86_64.rpm 09933b8326a89a171a12808354acd8cf corporate/4.0/SRPMS/apache-2.2.3-1.11.20060mlcs4.src.rpm Mandriva Enterprise Server 5: ab753cc4d946b437ae2ccb92bc693214 mes5/i586/apache-base-2.2.9-12.9mdvmes5.i586.rpm b803256b19d3d6d67c4d0a8bb393b8e8 mes5/i586/apache-devel-2.2.9-12.9mdvmes5.i586.rpm aee26793a2a498fa6dc2f265759d5814 mes5/i586/apache-htcacheclean-2.2.9-12.9mdvmes5.i586.rpm bb56d96f1f9cb12da0c93fa5e8ced62c mes5/i586/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.i586.rpm db388a6e86da85b0345549a769838338 mes5/i586/apache-mod_cache-2.2.9-12.9mdvmes5.i586.rpm 709a73e958cf8ea5e0e4e6de042a9616 mes5/i586/apache-mod_dav-2.2.9-12.9mdvmes5.i586.rpm 0c56296747ba09a45f3fdb65fe98289a mes5/i586/apache-mod_dbd-2.2.9-12.9mdvmes5.i586.rpm 3919222f07bc617a67cd71bf5fcfbced mes5/i586/apache-mod_deflate-2.2.9-12.9mdvmes5.i586.rpm 2bbc3c0f442d8cae8365c876a5ded950 mes5/i586/apache-mod_disk_cache-2.2.9-12.9mdvmes5.i586.rpm 17c669c5adb8cffb402ac967a9f7a422 mes5/i586/apache-mod_file_cache-2.2.9-12.9mdvmes5.i586.rpm 1525f35fab129296b804e5f17d18a6e9 mes5/i586/apache-mod_ldap-2.2.9-12.9mdvmes5.i586.rpm 86c8298f449398214cb3b8a5f399e790 mes5/i586/apache-mod_mem_cache-2.2.9-12.9mdvmes5.i586.rpm 04768b92d82a98f509231d4c870a1623 mes5/i586/apache-mod_proxy-2.2.9-12.9mdvmes5.i586.rpm 27cdd5af7a1c4537b0aad63eba70d561 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.i586.rpm 0735424a7025fd9fec0364615a89399a mes5/i586/apache-mod_ssl-2.2.9-12.9mdvmes5.i586.rpm a7ab1086cd5749fd546d006990240e8a mes5/i586/apache-modules-2.2.9-12.9mdvmes5.i586.rpm 3ceb930ab6712f703342e831e1d11eca mes5/i586/apache-mod_userdir-2.2.9-12.9mdvmes5.i586.rpm e8ec84e75a90188c5382e22f468f9cc6 mes5/i586/apache-mpm-event-2.2.9-12.9mdvmes5.i586.rpm 79139ce85dcc5852013bb94b045728b8 mes5/i586/apache-mpm-itk-2.2.9-12.9mdvmes5.i586.rpm 3ca13b36cde107ba6256f8c6881ae3ff mes5/i586/apache-mpm-peruser-2.2.9-12.9mdvmes5.i586.rpm bff93a0aae65d96a98465b8743d24097 mes5/i586/apache-mpm-prefork-2.2.9-12.9mdvmes5.i586.rpm f31d43be7ef441542cdf5277a951bd13 mes5/i586/apache-mpm-worker-2.2.9-12.9mdvmes5.i586.rpm f0a69821d26df25985425d1e240d22eb mes5/i586/apache-source-2.2.9-12.9mdvmes5.i586.rpm e77b08e4049e35c70caf5a9772fcb4d6 mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: b5c4364550d30cadcb8da1713da1be43 mes5/x86_64/apache-base-2.2.9-12.9mdvmes5.x86_64.rpm 65cfde8292d15799777a1c0bf127c078 mes5/x86_64/apache-devel-2.2.9-12.9mdvmes5.x86_64.rpm 11cbc22e93750a05a7c9ac978542dc0d mes5/x86_64/apache-htcacheclean-2.2.9-12.9mdvmes5.x86_64.rpm 603506340ac0226b47e837523a224ccc mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.9mdvmes5.x86_64.rpm 6b00730124b1155e9e2093b2703549b0 mes5/x86_64/apache-mod_cache-2.2.9-12.9mdvmes5.x86_64.rpm 85996a15d22fc079e980caa59e8d4ec4 mes5/x86_64/apache-mod_dav-2.2.9-12.9mdvmes5.x86_64.rpm 23536fc192a03183b4205cccd26ca9a8 mes5/x86_64/apache-mod_dbd-2.2.9-12.9mdvmes5.x86_64.rpm 92e853e261b90443477cffe13d2003c2 mes5/x86_64/apache-mod_deflate-2.2.9-12.9mdvmes5.x86_64.rpm 9cfe368d3426e7db68eb3028f5859252 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.9mdvmes5.x86_64.rpm 7def06fe5ea594bff7c2c56b0fd702cd mes5/x86_64/apache-mod_file_cache-2.2.9-12.9mdvmes5.x86_64.rpm 8d5e9d9068fd593b39049135b952de3a mes5/x86_64/apache-mod_ldap-2.2.9-12.9mdvmes5.x86_64.rpm 08d7f342b798fbac376b3b98d9b63a8d mes5/x86_64/apache-mod_mem_cache-2.2.9-12.9mdvmes5.x86_64.rpm bc4ae67984c3ff95a6e743f055bdb820 mes5/x86_64/apache-mod_proxy-2.2.9-12.9mdvmes5.x86_64.rpm c7001da2dda0f9f6c123deedc6838c92 mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.9mdvmes5.x86_64.rpm ccebc8825a1e0cfe646e69ac3f69979c mes5/x86_64/apache-mod_ssl-2.2.9-12.9mdvmes5.x86_64.rpm f6e8bd9997495e029c5116946309e674 mes5/x86_64/apache-modules-2.2.9-12.9mdvmes5.x86_64.rpm 0df2b76a7584cdd338ea3a07dc638f91 mes5/x86_64/apache-mod_userdir-2.2.9-12.9mdvmes5.x86_64.rpm 0da8cb061c0e998873ae918632779c91 mes5/x86_64/apache-mpm-event-2.2.9-12.9mdvmes5.x86_64.rpm 4a10c80635de94349ecea9d2a4f47f6f mes5/x86_64/apache-mpm-itk-2.2.9-12.9mdvmes5.x86_64.rpm 85226385f0c88832485bf4cd5971bccc mes5/x86_64/apache-mpm-peruser-2.2.9-12.9mdvmes5.x86_64.rpm bb68e58098534428bb50f440a5b527e6 mes5/x86_64/apache-mpm-prefork-2.2.9-12.9mdvmes5.x86_64.rpm 359057702b8979d498c01e290ada60bf mes5/x86_64/apache-mpm-worker-2.2.9-12.9mdvmes5.x86_64.rpm 1ab2afc3b67ebef018b54326e1316192 mes5/x86_64/apache-source-2.2.9-12.9mdvmes5.x86_64.rpm e77b08e4049e35c70caf5a9772fcb4d6 mes5/SRPMS/apache-2.2.9-12.9mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLkqZUmqjQ0CJFipgRAi2DAKDqzmVn1xVe0S9g4aPVNUZ1agLOfQCgyOLQ CroOeqtSuQuKm9aO+TC3+rE= =g/4G -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38776 VERIFY ADVISORY: http://secunia.com/advisories/38776/ DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service). 1) The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests. 3) An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used. Vulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and 2.2.14. SOLUTION: Fixed in httpd 2.2.15-dev. Update to version 2.2.15 as soon as it becomes available. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Reported in a bug report by Philip Pickett ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=917875 http://svn.apache.org/viewvc?view=revision&revision=917870 https://issues.apache.org/bugzilla/show_bug.cgi?id=48359 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2010-0014 Synopsis: VMware Workstation, Player, and ACE address several security issues. Issue date: 2010-09-23 Updated on: 2010-09-23 (initial release of advisory) CVE numbers: CVE-2010-3277 CVE-2010-1205 CVE-2010-0205 CVE-2010-2249 CVE-2010-0434 CVE-2010-0425 - ------------------------------------------------------------------------ 1. Summary VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd. 2. Relevant releases VMware Workstation 7.1.1 and earlier, VMware Player 3.1.1 and earlier, VMware ACE Management Server 2.7.1 and earlier, Note: VMware Server was declared End Of Availability on January 2010, support will be limited to Technical Guidance for the duration of the support term. 3. Problem Description a. VMware Workstation and Player installer security issue The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto the system prior to installation. The issue can only be exploited at the time that Workstation 7.x or Player 3.x is being installed. The security issue is no longer present in the installer of the new versions of Workstation 7.x and Player 3.x (see table below for the version numbers). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3277 to this issue. VMware would like to thank Alexander Trofimov and Marc Esher for independently reporting this issue to VMware. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 7.x any 7.1.2 build 301548 or later * Workstation 6.5.x any not affected Player 3.x any 3.1.2 build 301548 or later * Player 2.5.x any not affected AMS any any not affected Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected * Note: This only affects the installer, if you have a version of Workstation or Player installed you are not vulnerable. b. Third party libpng updated to version 1.2.44 A buffer overflow condition in libpng is addressed that could potentially lead to code execution with the privileges of the application using libpng. Two potential denial of service issues are also addressed in the update. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-1205, CVE-2010-0205, CVE-2010-2249 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 7.1.x any 7.1.2 build 301548 or later Workstation 6.5.x any affected, patch pending Player 3.1.x any 3.1.2 build 301548 or later Player 2.5.x any affected, patch pending AMS any any not affected Server any any affected, no patch planned Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected c. VMware ACE Management Server (AMS) for Windows updates Apache httpd version 2.2.15. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0434 and CVE-2010-0425 to the issues addressed in this update. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation any any not affected Player any any not affected AMS any Windows 2.7.2 build 301548 or later AMS any Linux affected, patch pending * Server any any not affected Fusion any Mac OS/X not affected ESXi any ESXi not affected ESX any ESX not affected * Note CVE-2010-0425 is not applicable to AMS running on Linux 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 7.1.2 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html Workstation for Windows 32-bit and 64-bit with VMware Tools md5sum: 2e9715ec297dc3ca904ad2707d3e2614 sha1sum: 55b2b99f67c3dacd402fb9880999086efd264e7a Workstation for Windows 32-bit and 64-bit without VMware Tools md5sum: 066929f59aef46f11f4d9fd6c6b36e4d sha1sum: def776a28ee1a21b1ad26e836ae868551fff6fc3 VMware Player 3.1.2 ------------------- http://www.vmware.com/download/player/ Release notes: http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html VMware Player for Windows 32-bit and 64-bit md5sum: 3f289cb33af5e425c92d8512fb22a7ba sha1sum: bf67240c1f410ebeb8dcb4f6d7371334bf9a6b70 VMware Player for Linux 32-bit md5sum: 11e3e3e8753e1d9abbbb92c4e3c1dfe8 sha1sum: dd1dbcdb1f4654eefc11472b68934dcb69842749 VMware Player for Linux 64-bit md5sum: 2ab08e0d4050719845a64d334ca15bb1 sha1sum: f024ad84ec831fce8667dfa9601851da5d9fa59c VMware ACE Management Server 2.7.2 ---------------------------------- http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7 Release notes: http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html ACE Management Server for Windows md5sum: 02f0072b8e48a98ed914b633f070d550 sha1sum: 94a68eac4a328d21a741879b9d063227c0dc1ce4 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425 - ------------------------------------------------------------------------ 6. Change log 2010-09-23 VMSA-2010-0014 Initial security advisory after release of Workstation 7.1.2, Player 3.1.2 and ACE Management Server 2.7.2 on 2010-09-23 - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware Security Advisories http://www.vmware.com/security/advisoiries VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) iEYEARECAAYFAkycSrQACgkQS2KysvBH1xmT9wCfbBUS4GYrJohz+QMLYcoiFmSh eTgAoIAmx+ilbe2myj02daLjFrVQfQII =5jlh -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2035-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch April 17, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : apache2 Vulnerability : multiple issues Problem type : remote Debian-specific: no CVE Id(s) : CVE-2010-0408 CVE-2010-0434 Two issues have been found in the Apache HTTPD web server: CVE-2010-0408 mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. CVE-2010-0434 A flaw in the core subrequest process code was found, which could lead to a daemon crash (segfault) or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers. For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny7. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.2.15-1. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. - From the apache2 source package: Source archives: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.dsc Size/MD5 checksum: 1682 58737d2f0024a178d40db6f9356e5b6a http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.diff.gz Size/MD5 checksum: 147059 f599c83adbced41a7339524c512ae0cd http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04 Architecture independent packages: http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7_all.deb Size/MD5 checksum: 45366 9f02e6acd2828a7cfcb5c9e4866ab120 http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny7_all.deb Size/MD5 checksum: 2060854 5b1f6debc65b7ca2ae8156b21f0d0597 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny7_all.deb Size/MD5 checksum: 6737126 afec2194fa17efb6e4096c1019936cd0 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 148012 8ecfd6794861e9e3d6978da82bc2cefe http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 849168 55f719672e65f8d4fd8d5e636ce699fc http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 84550 be00c04e09e2674ac29698b375cf929a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 261782 b1033eed4f6ef387ba40a9e47f22b55f http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 2402612 88e34405726dc0db8dc6fa08fe9d3015 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 262442 bd016288cc237eb634fb192495e82497 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 209852 4bdaa051f16395f975ae9e23f20656cd http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 208812 b81f75539975f5ce8d9d963d80db736d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 256700 edfa8a0cbf63cab6a556c4dd27469774 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_alpha.deb Size/MD5 checksum: 82844 e30731c8d0d35915b89c971d8f75d601 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 210460 5d06fbdfb55a1df8dbcba748863979ae http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 253932 48d0d2c1809442bc8156b2cfc8479833 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 2474402 297cc14e46752a0eaa74c51745f1b167 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 825742 b6c41005aa6023fd6b8e46a2c2bb54d8 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 211780 5b708928d5ccdd153a133696b0c2f634 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 257998 2f673a0130221479fda2744754886983 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 144544 6f5b0f0b1771560d2c03d9656a29fff5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 83122 3d1320b8034c5a264fafe1abda73519a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 258520 c87fc981aa02f36ae6c11ae4864956de http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_amd64.deb Size/MD5 checksum: 84794 e4fc458a59f5752c1f42c78b6fa987f5 arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 224742 ad1a76d935c9556154813b9522dc6bed http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 788804 f5f761306f86bb4d184079ed955c5976 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 221026 0298c56590af4130f885c7fa310ea37d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 213052 7e5d2451da332850ce1023e7c378d10a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 214146 f86977fe84b12fe8023e9bfbb511102a http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 147688 300f2873dad2d5913c9b8263576719f2 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 2338672 a06089d9f0c9cf6d4e3a79d3042580c1 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 84248 35162b0a8a48282954ba150f19693d33 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 82516 9cd27238e0ec866f8dba6005006dc6b9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_arm.deb Size/MD5 checksum: 225298 962f8f913a6e3c1dcd15987c3d0d8c9b armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 226470 2640d070ec26b2973f12e50004187430 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 222010 f0530b25b7e6b471aa97cc8ec86e735d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 212630 1dcb5bed6c6d3e91d17407cc456cc3d6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 151358 59ecc9ecda664b7a8f401fbf62cf3982 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 213756 e178ec6db09bf648f0ec63f00486fc4a http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 2340908 74e02e41ebb2439d902a14f905688be3 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 82404 baa982a3b2940ffdc73130536d29fd00 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 84052 4b68dc6b80635d9b2bc7677dd087386e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 802876 b35c7bbe91e1b92d701435dfed0b5736 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_armel.deb Size/MD5 checksum: 226188 c1395ebd59cf917f202de0a1783770d3 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 2384952 fc3cfd3a3295212ef11e81f8dafd6334 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 246522 3e02003e50bcfbb80ebf759fdd940c66 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 245948 2f5dd3734ad765775a32a797850e33ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 84164 46b37167fbef173aa29d8a0883be5fac http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 896872 55bb18bae73b60e8b982111c56b101bc http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 153148 bd52450b076b8f55d0095112e733cd8c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 82416 fa04a87df2de26ec8259bf70e5e8d926 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 213134 2dd0368d2b94941264e55b8b3f20857f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 241646 dc2e2b09a0c72ff0e01ba136dfefa856 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_hppa.deb Size/MD5 checksum: 211854 d83149e56efd9c074b32c961a6272b23 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 238526 97ff922ee6bf6c19cee164794630256d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 210052 34369451ba65d4a734034a0dfba31345 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 211200 a4da7ec33873626b51191c56a5974e8b http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 82508 b6443c6a2c94a2ef8627802c0a0cbaa3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 242016 13be25ca0b28f708a0defd5225d1d1d7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 782932 4b5e5364b62eda87bffb60f5bb37f04e http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 84238 c43d713e364322ddb3af3bcaf0e4de9d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 241622 1293d06d3a572a5d0e4e96f201cf32c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 146222 75ce464a2e479e4806dd55926143be47 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_i386.deb Size/MD5 checksum: 2317652 69ccff7beaa71326022cbc06d41fcfa5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 83682 f31ab5b2b2e52571a13e57fe76e131fc http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 2319396 b212a76ab3692819f9038c48163423c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 85694 8ee80e22226a42cf7026e805ae1fc3ba http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 303620 4c60aef451289494b86068d3554ebc42 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 311254 3cdb05084df1bc4aca51152aa30fa278 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 312292 70f294dc7cb432ace777ed43cb91ca4b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 1038294 591ffdeebd2f55f2462de2076c509878 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 209912 e0e96ce793583af713f59c5e10c6de80 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 163266 23277a351e4b1560d715dc57f1b7701a http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_ia64.deb Size/MD5 checksum: 208830 f8953d6f26e275b28ffcc7e3189c98e3 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 229742 c4f54d969a0a202f03ccd1508664bc9c http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 210200 b787622b559b2283a5627577f6a674dc http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 233314 21767ab217dc89d701235342e5131f79 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 793674 2701365a1cf8a0431a587db97936145d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 2492036 3e8cb9a08b422dd062461e959df1c8cd http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 211322 5d2769bfe8182bdbbf9854c3fee80376 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 152188 22f386ca6335b4af7c3210da76f306d9 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 82576 7dc12e73fed40a5d8bc5784cddfdadf8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 233976 4481891d78d49539d029eca1928a716c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mips.deb Size/MD5 checksum: 84198 e46b26c2efa7f439aee81000f750b12d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 232250 495c2e976772a7c2e4a711908ff31a0c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 209870 ef6cfcd63e072cc47b368f6ed7153281 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 208844 7b2d354c6ef23a33977561518c66676a http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 779224 d2b383edaba6ee943872c6a8099fc722 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 83834 bc7152c16e202516cbe475c19be39e7f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 228206 6222f49c5a6ce469d38b1027c552cb8e http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 2421350 e2b868f3aefc3aed746aba0770473f30 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 150218 e37c40c73f8bd7c8b93a4281c832648c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 82252 8e90c947c9e6c7ae38b17fe706a9a11a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mipsel.deb Size/MD5 checksum: 232940 335201394e1c507909e3663be2b3b5ba powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 254146 a4e1c794bcceef63b264aaaac6d67fd6 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 2513082 5d896ec8ef209fcda5742a1a9ec200d7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 928912 ff0ea38f535697f81105d9bb2b07e2be http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 258590 48435b265870f9a5beaea30db05de8ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 83644 0b811450f6b2804d38e3fe4686078084 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 259404 693ac4132feb7dd1a52971371ecd56d1 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 85332 7e755948550dfbce7d6525388a8b5b9f http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 212826 59d76ffc9981fabf770ee407a27af52a http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 161298 d6a7dc59a2d2554ef51783fab9fb0c15 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_powerpc.deb Size/MD5 checksum: 211768 d691e724c006564585b0175eb67f291c s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 260994 a839172525a323cad3d0879d1ff89210 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 84792 ff59eafc0f68f90776fb940733d933f7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 843642 ac1abdcc444471bf5503bdefb4e59c4f http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 2429228 b4f680c4a7aaa90f7eadcc01928ce710 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 256712 18e714b8f5ef70e9c396caca6d7ce698 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 211236 929c4f162f963423b4233ca6439586e6 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 83070 1e1ec69bf9e2839c3db02033f6b1ca89 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 261668 3213f36030783167b4c0300834a682dd http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 212240 1abc24eb70132596c0b076db8cf0c2db http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_s390.deb Size/MD5 checksum: 150732 1bfc74bf4dc77c53cf31e60e94aa28cb sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 145952 f665453436258bb0d921229808e5ee87 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 82862 39ea998f8c0db9567910a7d5e934a2c5 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 784222 013f896249de3f01408300e337c36b49 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 211916 2be53e81254cd2a7d83b7c1bd9bac1d1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 241270 99365a7e4a516b8427253bac3ce69a44 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 240778 f61fd467b85116b45c87cc48931861a1 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 84606 ed8d2bfc1cec31ff3c638ae8f892d6d0 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 213132 df1fab5a87a80e0e66b80d50086dc218 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 2233030 ac06cea995c866a6fd27a8922d2bd5d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_sparc.deb Size/MD5 checksum: 237138 7ad176ecb1f799f6a954afd9ee1a31e8 - From the apache2-mpm-itk source package: alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b4_alpha.deb Size/MD5 checksum: 198270 37511ff523c00dfd94686da9c4ed1ad7 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_amd64.deb Size/MD5 checksum: 195222 9764e5a1bcdf1501381c5cb22d1101db arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_arm.deb Size/MD5 checksum: 161916 6d9216fb6195f975464391c366d5d6eb armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_armel.deb Size/MD5 checksum: 162904 9035f96ad7ec223298f256129a5f4fba hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_hppa.deb Size/MD5 checksum: 183304 306d679dc522570254dcaa81b3105e73 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_i386.deb Size/MD5 checksum: 178986 b955efd13a0734596a0b936913d564b2 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_ia64.deb Size/MD5 checksum: 247228 3a115bf303067a8c29d2ec127a7ccc56 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mips.deb Size/MD5 checksum: 171054 a118f468ac32c7d2388fd98b98e8fffe mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mipsel.deb Size/MD5 checksum: 169500 90ac7e587508c02e3a0aac3d29087f7f powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_powerpc.deb Size/MD5 checksum: 195234 914bb47b1c30dcb494a713ee17125b69 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_s390.deb Size/MD5 checksum: 197564 be5c1c16a345935ad5a8e1fc299301e5 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_sparc.deb Size/MD5 checksum: 177732 acce311a9354b32da0b6d7f8f0255f70 These files will probably be moved into the stable distribution on its next update. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Release Date: 2010-06-02 Last Updated: 2010-06-02 - ----------------------------------------------------------------------------- Potential Security Impact: Remote Denial of Service (DoS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 Note: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30; CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09. RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL http://software.hp.com Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15 Web Server Suite Version / HP-UX Release / Depot name Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot MANUAL ACTIONS: Yes - Update Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For Web Server Suite before v3.09 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.09 or subsequent HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.09 or subsequent For Web Server Suite before v2.30 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY action: install revision B.2.0.59.15 or subsequent HP-UX B.11.31 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 2 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Trust: 4.14

sources: NVD: CVE-2010-0434 // CERT/CC: VU#280613 // JVNDB: JVNDB-2010-001174 // JVNDB: JVNDB-2011-001633 // BID: 38580 // BID: 38494 // VULMON: CVE-2010-0434 // PACKETSTORM: 86978 // PACKETSTORM: 86860 // PACKETSTORM: 94244 // PACKETSTORM: 88619 // PACKETSTORM: 90263

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:ltversion:2.0.64

Trust: 1.8

vendor:apachemodel:http serverscope:ltversion:2.2.15

Trust: 1.8

vendor:hitachimodel:web serverscope: - version: -

Trust: 1.6

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.3

vendor:oraclemodel:http serverscope:eqversion:10.1.3.5.0

Trust: 1.1

vendor:ibmmodel:http serverscope:eqversion:7.0

Trust: 1.1

vendor:ibmmodel:websphere application serverscope:eqversion:7.0

Trust: 1.1

vendor:apachemodel:http serverscope:gteversion:2.0.35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:13

Trust: 1.0

vendor:apachemodel:http serverscope:gteversion:2.2.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:11

Trust: 1.0

vendor:apache http servermodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:2.0.47.x

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.0

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.1

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.4

Trust: 0.8

vendor:oraclemodel:opensolarisscope: - version: -

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux clientscope:eqversion:2008

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:hewlett packardmodel:hp-ux apache-based web serverscope:eqversion:v.2.2.15.03

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux eusscope:eqversion:5.4.z (server)

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:ibmmodel:http serverscope:eqversion:6.1.0

Trust: 0.6

vendor:sunmodel:opensolaris build snv 41scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.10

Trust: 0.6

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.6

vendor:redhatmodel:certificate serverscope:eqversion:7.3

Trust: 0.6

vendor:sunmodel:opensolaris build snv 56scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 38scope: - version: -

Trust: 0.6

vendor:kolabmodel:groupware server 2.2-rc3scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.22

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.18

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.11

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.15

Trust: 0.6

vendor:sunmodel:opensolaris build snv 54scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.6

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.6

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.6

vendor:sunmodel:opensolaris build snv 35scope: - version: -

Trust: 0.6

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.0.29

Trust: 0.6

vendor:bluemodel:coat systems directorscope:eqversion:5.2.2.5

Trust: 0.6

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.6

vendor:avayamodel:voice portal sp1scope:eqversion:4.1

Trust: 0.6

vendor:avayamodel:intuity audix lx sp2scope:eqversion:2.0

Trust: 0.6

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.6

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.1

Trust: 0.6

vendor:kolabmodel:groupware server -rc2scope:eqversion:2.2

Trust: 0.6

vendor:kolabmodel:groupware serverscope:eqversion:2.2.3

Trust: 0.6

vendor:avayamodel:voice portal sp2scope:eqversion:4.1

Trust: 0.6

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.6

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.21

Trust: 0.6

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 111ascope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1

Trust: 0.6

vendor:bluemodel:coat systems directorscope:eqversion:0

Trust: 0.6

vendor:avayamodel:intuity audix lx sp1scope:eqversion:2.0

Trust: 0.6

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.6

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.1

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.6

Trust: 0.6

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 98scope: - version: -

Trust: 0.6

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.2

Trust: 0.6

vendor:sunmodel:opensolaris build snv 58scope: - version: -

Trust: 0.6

vendor:bluemodel:coat systems directorscope:neversion:5.5.2.3

Trust: 0.6

vendor:sunmodel:opensolaris build snv 111scope: - version: -

Trust: 0.6

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.6

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.6

vendor:bluemodel:coat systems directorscope:eqversion:5.5

Trust: 0.6

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.6

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 49scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.25

Trust: 0.6

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.9

Trust: 0.6

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.6

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0.1

Trust: 0.6

vendor:kolabmodel:groupware serverscope:neversion:2.2.4

Trust: 0.6

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.6

vendor:kolabmodel:groupware serverscope:eqversion:2.2

Trust: 0.6

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.13

Trust: 0.6

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 107scope: - version: -

Trust: 0.6

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.1

Trust: 0.6

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.6

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.6

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 110scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 71scope: - version: -

Trust: 0.6

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.6

vendor:kolabmodel:groupware serverscope:eqversion:2.2.2

Trust: 0.6

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.6

vendor:avayamodel:meeting exchange sp2scope:eqversion:5.0

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.2

Trust: 0.6

vendor:rpathmodel:appliance platform linux servicescope:eqversion:1

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.8

Trust: 0.6

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.6

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1

Trust: 0.6

vendor:sunmodel:opensolaris build snv 108scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 28scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.14

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.19

Trust: 0.6

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.2

Trust: 0.6

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.17

Trust: 0.6

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.6

vendor:bluemodel:coat systems directorscope:eqversion:5.4

Trust: 0.6

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.6

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.12

Trust: 0.6

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 48scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.7

Trust: 0.6

vendor:kolabmodel:groupware server 2.2-rc1scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.0.27

Trust: 0.6

vendor:bluemodel:coat systems directorscope:eqversion:4.2.2.4

Trust: 0.6

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.6

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 37scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.3

Trust: 0.6

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.6

vendor:kolabmodel:groupware server beta3scope:eqversion:2.2

Trust: 0.6

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.5

Trust: 0.6

vendor:sunmodel:opensolaris build snv 109scope: - version: -

Trust: 0.6

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 74scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 51scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.20

Trust: 0.6

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.6

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.6

vendor:kolabmodel:groupware server beta1scope:eqversion:2.2

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.23

Trust: 0.6

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 111bscope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:eqversion:6.1.4

Trust: 0.6

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.1

Trust: 0.6

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.6

vendor:ibmmodel:websphere application serverscope:neversion:6.1.0.31

Trust: 0.6

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.6

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.6

vendor:avayamodel:meeting exchange sp1scope:eqversion:5.0

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.0

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.5

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.9

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.6

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.2

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.1

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.3

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.8

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.2.4

Trust: 0.6

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:2.2.5-devscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.6.5

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for rhel esscope:eqversion:41.0

Trust: 0.3

vendor:susemodel:linux enterprise sp3scope:eqversion:10

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.17

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.13

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.35

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.6

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.12

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:7.0.11

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:apachemodel:2.2.6-devscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.1

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:6.0.2.41

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.3

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:susemodel:linux enterprise sp2scope:eqversion:10

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.19

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.5

Trust: 0.3

vendor:vmwaremodel:ace management server for linuxscope:eqversion:0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.1

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:2

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.15

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.13

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for rhel serverscope:eqversion:51.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.27

Trust: 0.3

vendor:susemodel:linux enterprisescope:eqversion:11

Trust: 0.3

vendor:apachemodel:2.2.7-devscope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.5

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server for rhel asscope:eqversion:41.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.2

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:apachemodel:2.2.15-devscope:neversion: -

Trust: 0.3

vendor:apachemodel:apachescope:neversion:2.2.15

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.14

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.3

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.19

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.4

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:6.1.31

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.33

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.25

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.11

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.12

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.8

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.1

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.1.0.13

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.27

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:6.0.2.23

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:apachescope:eqversion:2.2.9

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:2

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:apachemodel:software foundation apache 2.0.62-devscope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.58

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:7.03

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.54

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.42

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.11

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.38

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.52

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:eqversion:41.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.63

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.41

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.5-devscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.8

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.57

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:7.0.9

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:eqversion:41.0

Trust: 0.3

vendor:avayamodel:communication manager sp3scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:4.0

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.13

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.9

Trust: 0.3

vendor:apachemodel:software foundation apachescope:neversion:2.2.15

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.15-devscope:neversion: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.59

Trust: 0.3

vendor:apachemodel:software foundation apache 2.0.60-devscope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.49

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:7.0.0.5

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition bscope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:communication manager sp1scope:eqversion:4.0.3

Trust: 0.3

vendor:apachemodel:software foundation apache 2.0.61-devscope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:7.0.8

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.50

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.10

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.6

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.5

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.1.2

Trust: 0.3

vendor:apachemodel:software foundation apache -devscope:eqversion:2.0.56

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.51

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.12

Trust: 0.3

vendor:apachemodel:software foundation apache 2.0.64-devscope:neversion: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:7.0.0.7

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.53

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:eqversion:7.0.0.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:eqversion:51.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.6-devscope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.55

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.37

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:2.0.47

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.39

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:opensolarisscope:eqversion:0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.3

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.48

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.45

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:apachemodel:software foundation apache 2.2.7-devscope: - version: -

Trust: 0.3

vendor:ibmmodel:websphere application serverscope:neversion:7.0.11

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.43

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.47

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0bscope: - version: -

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.46

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.2

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.44

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.0.40

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.1

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.14

Trust: 0.3

vendor:apachemodel:software foundation apachescope:eqversion:2.2.4

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j edition bscope:eqversion:9.1.0

Trust: 0.3

sources: CERT/CC: VU#280613 // BID: 38580 // BID: 38494 // JVNDB: JVNDB-2010-001174 // JVNDB: JVNDB-2011-001633 // CNNVD: CNNVD-201003-073 // NVD: CVE-2010-0434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0434
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0434
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2011-001633
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201003-073
value: MEDIUM

Trust: 0.6

VULMON: CVE-2010-0434
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0434
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

IPA: JVNDB-2011-001633
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: VULMON: CVE-2010-0434 // JVNDB: JVNDB-2010-001174 // JVNDB: JVNDB-2011-001633 // CNNVD: CNNVD-201003-073 // NVD: CVE-2010-0434

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2010-001174 // NVD: CVE-2010-0434

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 86978 // PACKETSTORM: 88619 // CNNVD: CNNVD-201003-073

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201003-073

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001174

PATCH
title:HS11-007url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-007/index.html
Trust: 1.6
title:Fixed in Apache httpd 2.0.64url:http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64
Trust: 0.8
title:Fixed in Apache httpd 2.2.15url:http://httpd.apache.org/security/vulnerabilities_22.html#2.2.15
Trust: 0.8
title:917867url:http://svn.apache.org/viewvc?view=revision&revision=917867
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435
Trust: 0.8
title:HT4435url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP
Trust: 0.8
title:httpd-2.2.3-31.4.0.1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1017
Trust: 0.8
title:HPUXWSATW313url:https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313
Trust: 0.8
title:HPSBUX02531url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02160663
Trust: 0.8
title:PM10658url:http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658
Trust: 0.8
title:PM08939url:http://www-01.ibm.com/support/docview.wss?uid=swg1PM08939
Trust: 0.8
title:7014463url:http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70011
Trust: 0.8
title:7014506url:http://www-01.ibm.com/support/docview.wss?uid=swg27014506#70011
Trust: 0.8
title:4026207url:http://www-01.ibm.com/support/docview.wss?uid=swg24026207
Trust: 0.8
title:2216url:https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2216
Trust: 0.8
title:2044url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2044
Trust: 0.8
title:Oracle Critical Patch Update Advisory - July 2013url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Trust: 0.8
title:Text Form of Oracle Critical Patch Update - July 2013 Risk Matricesurl:http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html
Trust: 0.8
title:RHSA-2010:0168url:https://rhn.redhat.com/errata/RHSA-2010-0168.html
Trust: 0.8
title:RHSA-2010:0175url:https://rhn.redhat.com/errata/RHSA-2010-0175.html
Trust: 0.8
title:multiple_vulnerabilities_in_the_apacheurl:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache
Trust: 0.8
title:July 2013 Critical Patch Update Released url:https://blogs.oracle.com/security/entry/july_2013_critical_patch_update
Trust: 0.8
title:TLSA-2010-9url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-9j.txt
Trust: 0.8
title:HS11-007url:http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-007/index.html
Trust: 0.8
title:interstage_as_201002url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201002.html
Trust: 0.8
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3981
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3985
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3989
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3993
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3997
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=4001
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm iurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3969
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3973
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3977
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3984
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3988
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3992
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3996
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=4000
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm iurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3968
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3972
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3976
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3980
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3983
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3987
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3991
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3995
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3999
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm iurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3967
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3971
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3975
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3979
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3982
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3986
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3990
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3994
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3998
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windowsurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=4002
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for ibm iurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3966
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3970
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3974
Trust: 0.6
title:7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIXurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=3978
Trust: 0.6
title:httpd-2.2.15.tarurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=235
Trust: 0.6
title:httpd-2.2.15.tarurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=234
Trust: 0.6
title:httpd-2.2.15-win32-srcurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=233
Trust: 0.6
title:httpd-2.2.15-win32-src-r2url:http://123.124.177.30/web/xxk/bdxqById.tag?id=232
Trust: 0.6
title:Red Hat: Low: httpd security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100175 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: httpd security and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100168 - Security Advisory
Trust: 0.1
title:Debian Security Advisories: DSA-2035-1 apache2 -- multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=3811ba0094d0547e7396cfccd4bfa0e7
Trust: 0.1
title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-908-1
Trust: 0.1
title:Debian CVElist Bug Report Logs: "slowloris" denial-of-service vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=5ed45f95901af77f1f752912d098b48e
Trust: 0.1
title:Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=508649a9a651b4fb32a5cc0f1310d652
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2010-0434 
Trust: 0.1
title:Pentest-Cheetsheeturl:https://github.com/MrFrozenPepe/Pentest-Cheetsheet 
Trust: 0.1
title:ReconScanurl:https://github.com/GiJ03/ReconScan 
Trust: 0.1
title:ReconScanurl:https://github.com/RoliSoft/ReconScan 
Trust: 0.1
title:testurl:https://github.com/issdp/test 
Trust: 0.1
title:ReconScanurl:https://github.com/kira1111/ReconScan 
Trust: 0.1
title: - url:https://github.com/SecureAxom/strike 
Trust: 0.1
title: - url:https://github.com/DButter/whitehat_public 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2010-0434 // 
            
            
            
            JVNDB: JVNDB-2010-001174 // 
            
            
            
            JVNDB: JVNDB-2011-001633 // 
            
            
            
            CNNVD: CNNVD-201003-073

EXTERNAL IDS
db:NVDid:CVE-2010-0434
Trust: 4.3
db:BIDid:38494
Trust: 2.8
db:SECUNIAid:39115
Trust: 2.5
db:SECUNIAid:40096
Trust: 2.5
db:SECUNIAid:39100
Trust: 2.5
db:SECUNIAid:39628
Trust: 2.5
db:SECUNIAid:38776
Trust: 1.7
db:SECUNIAid:39656
Trust: 1.7
db:SECUNIAid:39501
Trust: 1.7
db:SECUNIAid:39632
Trust: 1.7
db:VUPENid:ADV-2010-1057
Trust: 1.7
db:VUPENid:ADV-2010-0994
Trust: 1.7
db:VUPENid:ADV-2010-1001
Trust: 1.7
db:VUPENid:ADV-2010-1411
Trust: 1.7
db:VUPENid:ADV-2010-0911
Trust: 1.7
db:BIDid:38580
Trust: 1.2
db:CERT/CCid:VU#280613
Trust: 1.1
db:XFid:56625
Trust: 0.8
db:JVNDBid:JVNDB-2010-001174
Trust: 0.8
db:JVNDBid:JVNDB-2011-001633
Trust: 0.8
db:CNNVDid:CNNVD-201003-073
Trust: 0.6
db:VULMONid:CVE-2010-0434
Trust: 0.1
db:PACKETSTORMid:86978
Trust: 0.1
db:PACKETSTORMid:86860
Trust: 0.1
db:PACKETSTORMid:94244
Trust: 0.1
db:PACKETSTORMid:88619
Trust: 0.1
db:PACKETSTORMid:90263
Trust: 0.1
sources:
            
            
            CERT/CC: VU#280613 // 
            
            
            
            VULMON: CVE-2010-0434 // 
            
            
            
            BID: 38580 // 
            
            
            
            BID: 38494 // 
            
            
            
            JVNDB: JVNDB-2010-001174 // 
            
            
            
            JVNDB: JVNDB-2011-001633 // 
            
            
            
            PACKETSTORM: 86978 // 
            
            
            
            PACKETSTORM: 86860 // 
            
            
            
            PACKETSTORM: 94244 // 
            
            
            
            PACKETSTORM: 88619 // 
            
            
            
            PACKETSTORM: 90263 // 
            
            
            
            CNNVD: CNNVD-201003-073 // 
            
            
            
            NVD: CVE-2010-0434

REFERENCES
url:https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
Trust: 2.9
url:http://httpd.apache.org/security/vulnerabilities_22.html
Trust: 2.7
url:http://www.securityfocus.com/bid/38494
Trust: 2.5
url:http://secunia.com/advisories/39628
Trust: 2.5
url:http://secunia.com/advisories/40096
Trust: 2.5
url:http://secunia.com/advisories/39100
Trust: 2.5
url:http://secunia.com/advisories/39115
Trust: 2.5
url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247
Trust: 2.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm08939
Trust: 2.3
url:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Trust: 2.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm15829
Trust: 2.0
url:http://svn.apache.org/viewvc?view=revision&revision=917867
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0434
Trust: 1.8
url:http://secunia.com/advisories/38776/
Trust: 1.7
url:http://svn.apache.org/viewvc?view=revision&revision=918427
Trust: 1.7
url:https://bugzilla.redhat.com/show_bug.cgi?id=570171
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2010-0168.html
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2010-0175.html
Trust: 1.7
url:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
Trust: 1.7
url:http://secunia.com/advisories/39501
Trust: 1.7
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html
Trust: 1.7
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/1057
Trust: 1.7
url:http://secunia.com/advisories/39632
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/0911
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/0994
Trust: 1.7
url:http://www.debian.org/security/2010/dsa-2035
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/1001
Trust: 1.7
url:http://secunia.com/advisories/39656
Trust: 1.7
url:http://www.vupen.com/english/advisories/2010/1411
Trust: 1.7
url:http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Trust: 1.7
url:http://www.vmware.com/security/advisories/vmsa-2010-0014.html
Trust: 1.7
url:http://support.apple.com/kb/ht4435
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html
Trust: 1.7
url:http://marc.info/?l=bugtraq&m=127557640302499&w=2
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/56625
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8695
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10358
Trust: 1.7
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0434
Trust: 1.6
url:http://svn.apache.org/viewvc?view=revision&revision=917870
Trust: 1.2
url:http://httpd.apache.org/security/vulnerabilities_20.html
Trust: 1.1
url: http://www.senseofsecurity.com.au/advisories/sos-10-002
Trust: 1.1
url:http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?r1=917617&r2=917867&pathrev=917867&diff_format=h
Trust: 1.1
url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e
Trust: 1.1
url:http://svn.apache.org/viewvc?view=revision&revision=917875
Trust: 0.9
url:http://www.securityfocus.com/bid/38580
Trust: 0.9
url:http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache
Trust: 0.9
url:http://xforce.iss.net/xforce/xfdb/56625
Trust: 0.8
url:http://jvn.jp/cert/jvnvu331391
Trust: 0.8
url:http://httpd.apache.org/
Trust: 0.6
url:http://kolab.org/pipermail/kolab-announce/2010/000095.html
Trust: 0.6
url:http://support.avaya.com/css/p8/documents/100081009
Trust: 0.6
url:https://kb.bluecoat.com/index?page=content&id=sa61&actp=list
Trust: 0.6
url:httpd.apache.org%3e
Trust: 0.6
url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.
Trust: 0.6
url:httpd.apache.org/security/vulnerabilities_22.html
Trust: 0.6
url:https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.
Trust: 0.6
url:httpd/branches/2.2.x/server/protocol.c?r1=917617&r2=917867&pathrev=917867&diff_format=h
Trust: 0.6
url:http://svn.apache.org/viewvc/
Trust: 0.6
url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs.
Trust: 0.6
url:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2010-0434
Trust: 0.4
url:http://www-01.ibm.com/support/docview.wss?uid=nas2bf1cf911c7a90284862576ed003c73aa
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100081010
Trust: 0.3
url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm09447
Trust: 0.3
url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201002e.html
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/280613
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2010-0408
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2010:0175
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2010-0434
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://usn.ubuntu.com/908-1/
Trust: 0.1
url:https://www.debian.org/security/./dsa-2035
Trust: 0.1
url:http://www.mandriva.com/security/
Trust: 0.1
url:http://www.mandriva.com/security/advisories
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://www.vmware.com/security/advisoiries
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0205
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0425
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1205
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3277
Trust: 0.1
url:http://www.vmware.com/download/player/
Trust: 0.1
url:http://www.vmware.com/security
Trust: 0.1
url:http://downloads.vmware.com/d/info/desktop_downloads/vmware_ace/2_7
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3277
Trust: 0.1
url:http://kb.vmware.com/kb/1055
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1205
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0205
Trust: 0.1
url:http://www.vmware.com/download/ws/
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0425
Trust: 0.1
url:http://downloads.vmware.com/support/ws71/doc/releasenotes_ws712.html
Trust: 0.1
url:http://www.vmware.com/support/policies/security_response.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2249
Trust: 0.1
url:http://downloads.vmware.com/support/player31/doc/releasenotes_player312.html
Trust: 0.1
url:http://www.vmware.com/support/policies/eos.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2249
Trust: 0.1
url:http://downloads.vmware.com/support/ace27/doc/releasenotes_ace272.html
Trust: 0.1
url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
Trust: 0.1
url:http://www.vmware.com/support/policies/eos_vi.html
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.diff.gz
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://www.debian.org/security/faq
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny7_all.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.dsc
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b4_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/
Trust: 0.1
url:http://www.debian.org/security/
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny7_all.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_armel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_hppa.deb
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_sparc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_i386.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7_all.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_arm.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_ia64.deb
Trust: 0.1
url:http://packages.debian.org/<pkg>
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mipsel.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_powerpc.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_s390.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mips.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_amd64.deb
Trust: 0.1
url:http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_alpha.deb
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0740
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3095
Trust: 0.1
url:http://software.hp.com
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3094
Trust: 0.1
url:http://www.itrc.hp.com/service/cki/secbullarchive.do
Trust: 0.1
url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc
Trust: 0.1
url:https://www.hp.com/go/swa
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-0433
Trust: 0.1
url:http://h30046.www3.hp.com/subsignin.php
Trust: 0.1
sources:
            
            
            CERT/CC: VU#280613 // 
            
            
            
            VULMON: CVE-2010-0434 // 
            
            
            
            BID: 38580 // 
            
            
            
            BID: 38494 // 
            
            
            
            JVNDB: JVNDB-2010-001174 // 
            
            
            
            JVNDB: JVNDB-2011-001633 // 
            
            
            
            PACKETSTORM: 86978 // 
            
            
            
            PACKETSTORM: 86860 // 
            
            
            
            PACKETSTORM: 94244 // 
            
            
            
            PACKETSTORM: 88619 // 
            
            
            
            PACKETSTORM: 90263 // 
            
            
            
            CNNVD: CNNVD-201003-073 // 
            
            
            
            NVD: CVE-2010-0434

CREDITS
Brett Gervasoni
Trust: 0.9
sources:
            
            
            BID: 38494 // 
            
            
            
            CNNVD: CNNVD-201003-073

SOURCES
db:CERT/CCid:VU#280613
db:VULMONid:CVE-2010-0434
db:BIDid:38580
db:BIDid:38494
db:JVNDBid:JVNDB-2010-001174
db:JVNDBid:JVNDB-2011-001633
db:PACKETSTORMid:86978
db:PACKETSTORMid:86860
db:PACKETSTORMid:94244
db:PACKETSTORMid:88619
db:PACKETSTORMid:90263
db:CNNVDid:CNNVD-201003-073
db:NVDid:CVE-2010-0434

LAST UPDATE DATE
2024-09-15T22:38:31.038000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#280613date:2010-03-11T00:00:00
db:VULMONid:CVE-2010-0434date:2023-02-13T00:00:00
db:BIDid:38580date:2015-04-13T21:39:00
db:BIDid:38494date:2015-04-13T21:26:00
db:JVNDBid:JVNDB-2010-001174date:2014-05-21T00:00:00
db:JVNDBid:JVNDB-2011-001633date:2014-05-21T00:00:00
db:CNNVDid:CNNVD-201003-073date:2023-02-14T00:00:00
db:NVDid:CVE-2010-0434date:2023-02-13T04:16:29.297

SOURCES RELEASE DATE
db:CERT/CCid:VU#280613date:2010-03-11T00:00:00
db:VULMONid:CVE-2010-0434date:2010-03-05T00:00:00
db:BIDid:38580date:2010-03-02T00:00:00
db:BIDid:38494date:2010-03-02T00:00:00
db:JVNDBid:JVNDB-2010-001174date:2010-03-23T00:00:00
db:JVNDBid:JVNDB-2011-001633date:2011-06-29T00:00:00
db:PACKETSTORMid:86978date:2010-03-08T21:23:47
db:PACKETSTORMid:86860date:2010-03-03T13:02:16
db:PACKETSTORMid:94244date:2010-09-25T18:50:30
db:PACKETSTORMid:88619date:2010-04-19T20:24:19
db:PACKETSTORMid:90263date:2010-06-04T04:25:14
db:CNNVDid:CNNVD-201003-073date:2010-03-05T00:00:00
db:NVDid:CVE-2010-0434date:2010-03-05T19:30:00.577