ID

VAR-201108-0132

CVE

CVE-2011-3192

TITLE

Apache HTTPD 1.3/2.x Range header DoS vulnerability

DESCRIPTION

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Both the 'Range' header and the 'Range-Request' header are vulnerable. The attack tool causes a significant increase in CPU and memory usage on the server. Apache HTTPD The server has a service disruption (DoS) Vulnerabilities exist. Apache HTTPD The server Range Header and Request-Range There is a problem with header processing, and service operation is interrupted. (DoS) Vulnerabilities exist. Attacks using this vulnerability have been observed. Also, "Apache Killer" The attack tool called is released. Apache The advisory states that: "Background and the 2007 report There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007: http://seclists.org/bugtraq/2007/Jan/83 The contemporary interpretation of the HTTP protocol (currently) requires a server to return multiple (overlapping) ranges; in the order requested. This means that one can request a very large range (e.g. from byte 0- to the end) 100's of times in a single request. Being able to do so is an issue for (probably all) webservers and currently subject of an IETF discussion to change the protocol: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 This advisory details a problem with how Apache httpd and its so called internal 'bucket brigades' deal with serving such "valid" request. The problem is that currently such requests internally explode into 100's of large fetches, all of which are kept in memory in an inefficient way. This is being addressed in two ways. By making things more efficient. And by weeding out or simplifying requests deemed too unwieldy."Service disruption by a remote third party (DoS) There is a possibility of being attacked. ========================================================================== Ubuntu Security Notice USN-1199-1 September 01, 2011 apache2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: A remote attacker could send crafted input to Apache and cause it to crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: apache2.2-bin 2.2.17-1ubuntu1.2 Ubuntu 10.10: apache2.2-bin 2.2.16-1ubuntu3.3 Ubuntu 10.04 LTS: apache2.2-bin 2.2.14-5ubuntu8.6 Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.21 apache2-mpm-perchild 2.2.8-1ubuntu0.21 apache2-mpm-prefork 2.2.8-1ubuntu0.21 apache2-mpm-worker 2.2.8-1ubuntu0.21 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/httpd-2.2.21-i486-1_slack13.37.txz: Upgraded. Respond with HTTP_NOT_IMPLEMENTED when the method is not recognized. [Jean-Frederic Clere] SECURITY: CVE-2011-3348 Fix a regression introduced by the CVE-2011-3192 byterange fix in 2.2.20. PR 51748. [<lowprio20 gmail.com>] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.21-i486-1_slack12.0.tgz Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.21-i486-1_slack12.1.tgz Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.21-i486-1_slack12.2.tgz Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.21-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.21-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.21-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.21-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.21-i486-1_slack13.37.txz Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.21-x86_64-1_slack13.37.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.21-i486-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.21-x86_64-1.txz MD5 signatures: +-------------+ Slackware 12.0 package: e6ed3d69eeb235a35799ad4fb43b02bb httpd-2.2.21-i486-1_slack12.0.tgz Slackware 12.1 package: 531a640d39b1ec2f4216a8fa4cea9c52 httpd-2.2.21-i486-1_slack12.1.tgz Slackware 12.2 package: f93ceab045175be85509f0b9f7be0993 httpd-2.2.21-i486-1_slack12.2.tgz Slackware 13.0 package: 569145d8fb1f800f04f4d6333f16f704 httpd-2.2.21-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 03f6c419d49e3c4a351956ad27d72fd6 httpd-2.2.21-x86_64-1_slack13.0.txz Slackware 13.1 package: 1a218016a62fbaf8a110e6afcc6789b2 httpd-2.2.21-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 82eed1a8af9ab4545a18158f4a4641c1 httpd-2.2.21-x86_64-1_slack13.1.txz Slackware 13.37 package: d7c15df0fcc28648220ad329b0685f65 httpd-2.2.21-i486-1_slack13.37.txz Slackware x86_64 13.37 package: a192a12b1b63489733a7b8fc62435d3d httpd-2.2.21-x86_64-1_slack13.37.txz Slackware -current package: a16f461ad9843823811c40de6f38b63e n/httpd-2.2.21-i486-1.txz Slackware x86_64 -current package: 0b4c491e383ea496020db90aa67b970c n/httpd-2.2.21-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg httpd-2.2.21-i486-1_slack13.37.txz Then, restart the httpd daemon. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Packages for 2009.0 are provided as of the Extended Maintenance Program. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 794722078d25e916e10d41dab7099529 2009.0/i586/apache-base-2.2.9-12.12mdv2009.0.i586.rpm 95e2263fdc53b7e5ca1087bd207b67f0 2009.0/i586/apache-devel-2.2.9-12.12mdv2009.0.i586.rpm fd2387b91e3d050df4dcb8f71c66b00d 2009.0/i586/apache-htcacheclean-2.2.9-12.12mdv2009.0.i586.rpm a79155011bcfd0b9d35ad775826cbcfb 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.12mdv2009.0.i586.rpm 1efee802fe6a3ca7e59065ba75fd4ffd 2009.0/i586/apache-mod_cache-2.2.9-12.12mdv2009.0.i586.rpm c4f4067f4f32f7b1bd02c510c85e778d 2009.0/i586/apache-mod_dav-2.2.9-12.12mdv2009.0.i586.rpm 0e2cc898950204b5ece75c73d37099f4 2009.0/i586/apache-mod_dbd-2.2.9-12.12mdv2009.0.i586.rpm 6d847a5c982da5f0f6eba3f8e3ea9f31 2009.0/i586/apache-mod_deflate-2.2.9-12.12mdv2009.0.i586.rpm c07fec10959c58aafaef912c1bc4ba9b 2009.0/i586/apache-mod_disk_cache-2.2.9-12.12mdv2009.0.i586.rpm 4b0bc90c0c55d6a6e35d7b95089897e2 2009.0/i586/apache-mod_file_cache-2.2.9-12.12mdv2009.0.i586.rpm b2e3e87000d17bd19ef1e90c216e5575 2009.0/i586/apache-mod_ldap-2.2.9-12.12mdv2009.0.i586.rpm db73005fe9ac79e270363e366cbba80e 2009.0/i586/apache-mod_mem_cache-2.2.9-12.12mdv2009.0.i586.rpm 3a2601e4b6b38a018270faf3f9eeae05 2009.0/i586/apache-mod_proxy-2.2.9-12.12mdv2009.0.i586.rpm 7f4b71f64e79751b70b805b27de0befb 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.12mdv2009.0.i586.rpm 5a2ee6a9495dca9fa35e9dc1cf5eadee 2009.0/i586/apache-mod_ssl-2.2.9-12.12mdv2009.0.i586.rpm b8dd7ed23f1d52826b0a7aa26db65d25 2009.0/i586/apache-modules-2.2.9-12.12mdv2009.0.i586.rpm df32690f6a0c881b9b88f5dbe839bfca 2009.0/i586/apache-mod_userdir-2.2.9-12.12mdv2009.0.i586.rpm 75b95ec22e34447b298ac4cda1f62a4d 2009.0/i586/apache-mpm-event-2.2.9-12.12mdv2009.0.i586.rpm 8986041e7735220e865e903713c6585a 2009.0/i586/apache-mpm-itk-2.2.9-12.12mdv2009.0.i586.rpm 7db0f13f8777a84e6eb2a4d54c1ed825 2009.0/i586/apache-mpm-peruser-2.2.9-12.12mdv2009.0.i586.rpm 5709d251b49a8fe51847c68c89b03ef4 2009.0/i586/apache-mpm-prefork-2.2.9-12.12mdv2009.0.i586.rpm 9436f8468da7538fd050408c672522fc 2009.0/i586/apache-mpm-worker-2.2.9-12.12mdv2009.0.i586.rpm 9a37ff8ccfe612446431e053df3c55f7 2009.0/i586/apache-source-2.2.9-12.12mdv2009.0.i586.rpm d1f20a10f4a743d492333ee9296c0c45 2009.0/SRPMS/apache-2.2.9-12.12mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f2479060934de461fc5243f44c1c9877 2009.0/x86_64/apache-base-2.2.9-12.12mdv2009.0.x86_64.rpm 744dd6b28a74fe7707a7f485dd714f70 2009.0/x86_64/apache-devel-2.2.9-12.12mdv2009.0.x86_64.rpm 24b61074fcdc90664fdc22fa97731431 2009.0/x86_64/apache-htcacheclean-2.2.9-12.12mdv2009.0.x86_64.rpm ffe9175656c4b9f9a6d1c0905997612f 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.12mdv2009.0.x86_64.rpm e10c4164abab4e7ecdfc354dc26b25c7 2009.0/x86_64/apache-mod_cache-2.2.9-12.12mdv2009.0.x86_64.rpm 0adf7c2b0207c7af3850da6ef054ade4 2009.0/x86_64/apache-mod_dav-2.2.9-12.12mdv2009.0.x86_64.rpm a052d802d4170269e4e84a7f09db2486 2009.0/x86_64/apache-mod_dbd-2.2.9-12.12mdv2009.0.x86_64.rpm dec7e0b69c3d6bb2b691b6d5828f9b4d 2009.0/x86_64/apache-mod_deflate-2.2.9-12.12mdv2009.0.x86_64.rpm e9d6a08421ce454bad59cd63f7298cde 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.12mdv2009.0.x86_64.rpm 9add3c7b179e884d55e24f5fab1507e6 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.12mdv2009.0.x86_64.rpm c097e8abb528f4e04279012e2e77ebed 2009.0/x86_64/apache-mod_ldap-2.2.9-12.12mdv2009.0.x86_64.rpm 02396d0d003be14aa6361d8bf9a2d5c0 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.12mdv2009.0.x86_64.rpm 769f0f0836ccf07367d0efac06467a33 2009.0/x86_64/apache-mod_proxy-2.2.9-12.12mdv2009.0.x86_64.rpm 0e4c4a945729b9c8d2535796f4cd7e9e 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.12mdv2009.0.x86_64.rpm 7180962ec0dae497928579f2ec90d6b9 2009.0/x86_64/apache-mod_ssl-2.2.9-12.12mdv2009.0.x86_64.rpm 96a29510a80201af1dbaee936e28a6a7 2009.0/x86_64/apache-modules-2.2.9-12.12mdv2009.0.x86_64.rpm 0b895df84b0d65cfe26d4445e0f7a1a4 2009.0/x86_64/apache-mod_userdir-2.2.9-12.12mdv2009.0.x86_64.rpm 879ad41af024969d952c3ba00ab8c7ff 2009.0/x86_64/apache-mpm-event-2.2.9-12.12mdv2009.0.x86_64.rpm 34c244f26df5c2de95e5ab3a698a7ebd 2009.0/x86_64/apache-mpm-itk-2.2.9-12.12mdv2009.0.x86_64.rpm eb9122d0d0ccd25b1d3e6fe604d683c4 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.12mdv2009.0.x86_64.rpm 2f9890e1c47b78db2f8331318d6f3fbe 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.12mdv2009.0.x86_64.rpm c52990034c85d64875d9d5e42c8d86a9 2009.0/x86_64/apache-mpm-worker-2.2.9-12.12mdv2009.0.x86_64.rpm 47796ce3087582082c434d3860357a72 2009.0/x86_64/apache-source-2.2.9-12.12mdv2009.0.x86_64.rpm d1f20a10f4a743d492333ee9296c0c45 2009.0/SRPMS/apache-2.2.9-12.12mdv2009.0.src.rpm Mandriva Linux 2010.1: 81a67350e6c227b77ca9262b87754a42 2010.1/i586/apache-base-2.2.15-3.3mdv2010.2.i586.rpm 22ed9c09140b2e0da116b3ae600c99b6 2010.1/i586/apache-devel-2.2.15-3.3mdv2010.2.i586.rpm 835a1cb70f3077b17c2751030e947a1a 2010.1/i586/apache-htcacheclean-2.2.15-3.3mdv2010.2.i586.rpm f83ae1aeec0aef106324e2eecafd84cd 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.3mdv2010.2.i586.rpm 498d15231c15b7f763f2b78045264902 2010.1/i586/apache-mod_cache-2.2.15-3.3mdv2010.2.i586.rpm ec112c861fff6b5a031f4181d6b48809 2010.1/i586/apache-mod_dav-2.2.15-3.3mdv2010.2.i586.rpm b45c566d698b92b733b67bf6568f046a 2010.1/i586/apache-mod_dbd-2.2.15-3.3mdv2010.2.i586.rpm f70ae53162e2675fda33eb1f227eecb3 2010.1/i586/apache-mod_deflate-2.2.15-3.3mdv2010.2.i586.rpm aa5188a8f55699823245b443410d959b 2010.1/i586/apache-mod_disk_cache-2.2.15-3.3mdv2010.2.i586.rpm 527d0908428b913bd6c0554058df2c72 2010.1/i586/apache-mod_file_cache-2.2.15-3.3mdv2010.2.i586.rpm af5377b482327b152bb472f86287b6b4 2010.1/i586/apache-mod_ldap-2.2.15-3.3mdv2010.2.i586.rpm 4a1f0e7481668b8df9a4d2d277642c9b 2010.1/i586/apache-mod_mem_cache-2.2.15-3.3mdv2010.2.i586.rpm 13d629b5f77ff05c8da71e0d82c9b096 2010.1/i586/apache-mod_proxy-2.2.15-3.3mdv2010.2.i586.rpm 4593b415b086a5a9068e1bbb839762b2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.3mdv2010.2.i586.rpm 9ad8a9aef61f1dbcaafe6556faa850f6 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.3mdv2010.2.i586.rpm 40de5c085fdfb042200556843de97956 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.3mdv2010.2.i586.rpm b963aca159b1b72df406247fa459b47d 2010.1/i586/apache-mod_ssl-2.2.15-3.3mdv2010.2.i586.rpm b050d1b4cd9f5f6ce472239871bfce2c 2010.1/i586/apache-modules-2.2.15-3.3mdv2010.2.i586.rpm c9c6b5054581c07c3b87b132f5915fe0 2010.1/i586/apache-mod_userdir-2.2.15-3.3mdv2010.2.i586.rpm 297bfb9c523877a9539091ce3f432715 2010.1/i586/apache-mpm-event-2.2.15-3.3mdv2010.2.i586.rpm 9b07ff9544e2faff59f778ccc9ef29a8 2010.1/i586/apache-mpm-itk-2.2.15-3.3mdv2010.2.i586.rpm 7420dfebbce0b235a1e1311ca80180cf 2010.1/i586/apache-mpm-peruser-2.2.15-3.3mdv2010.2.i586.rpm 6995e9868b1fb6d21634bafa0856ac64 2010.1/i586/apache-mpm-prefork-2.2.15-3.3mdv2010.2.i586.rpm 912d834661d60ea0be3a4ea16d0cb73d 2010.1/i586/apache-mpm-worker-2.2.15-3.3mdv2010.2.i586.rpm 56a7db4e67242869c601cc826fa93cff 2010.1/i586/apache-source-2.2.15-3.3mdv2010.2.i586.rpm b1f2f7b99fe4fed57b5f1c9b5d8f1f4d 2010.1/SRPMS/apache-2.2.15-3.3mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 0c2aa94e105e9515efac127fa20442e9 2010.1/x86_64/apache-base-2.2.15-3.3mdv2010.2.x86_64.rpm 33c94640b13df6c28182c16dea368e38 2010.1/x86_64/apache-devel-2.2.15-3.3mdv2010.2.x86_64.rpm 9a96344d4c53af1e8f7bc672e5b03258 2010.1/x86_64/apache-htcacheclean-2.2.15-3.3mdv2010.2.x86_64.rpm 5cfdc0d5ffcbb974ec4b3c37d9bd9ae3 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.3mdv2010.2.x86_64.rpm b2f0790cdd2e8f9a626588730e9fed0e 2010.1/x86_64/apache-mod_cache-2.2.15-3.3mdv2010.2.x86_64.rpm 0e213220481b3bf26fef61edacae91e9 2010.1/x86_64/apache-mod_dav-2.2.15-3.3mdv2010.2.x86_64.rpm dc11bdc25528146f888203d7f5a002ee 2010.1/x86_64/apache-mod_dbd-2.2.15-3.3mdv2010.2.x86_64.rpm cddd73d266e4f341dfdb25841964aeba 2010.1/x86_64/apache-mod_deflate-2.2.15-3.3mdv2010.2.x86_64.rpm b6ea61f1ae2162b680f7e585413a78a2 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.3mdv2010.2.x86_64.rpm f8ffce7c0de413be9363ea5f19fe40f0 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.3mdv2010.2.x86_64.rpm 1c48da2d7aaab57b1a64994fd36d0173 2010.1/x86_64/apache-mod_ldap-2.2.15-3.3mdv2010.2.x86_64.rpm 3ebe1e7ffe99f9776d993d71347b6e0e 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.3mdv2010.2.x86_64.rpm 6bc78c9f7d6fccc39d9fd7f3ac38268d 2010.1/x86_64/apache-mod_proxy-2.2.15-3.3mdv2010.2.x86_64.rpm e91158618a4360a0e31e91aa4c426380 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.3mdv2010.2.x86_64.rpm 7d8b66b5f07f414808994f92950fbe13 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.3mdv2010.2.x86_64.rpm e32cfd54df5d8959ce261b8af31be16b 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.3mdv2010.2.x86_64.rpm 3c51abbefbdf59d35cfea47a3d08274a 2010.1/x86_64/apache-mod_ssl-2.2.15-3.3mdv2010.2.x86_64.rpm 78a819577503f238f7eb50cb2128a9f8 2010.1/x86_64/apache-modules-2.2.15-3.3mdv2010.2.x86_64.rpm b9e4ffc332fb36a3a76c3e4227af4fea 2010.1/x86_64/apache-mod_userdir-2.2.15-3.3mdv2010.2.x86_64.rpm d2ad2b6cc3eee3dc9d326ce62f403a90 2010.1/x86_64/apache-mpm-event-2.2.15-3.3mdv2010.2.x86_64.rpm 3b1b3b6d910e4c93a7abaf7d83bcc437 2010.1/x86_64/apache-mpm-itk-2.2.15-3.3mdv2010.2.x86_64.rpm 94195bd7bbd28489a1bc40bd78c33933 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.3mdv2010.2.x86_64.rpm 0d6159786b6386e315e0f0b3af1be3ca 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.3mdv2010.2.x86_64.rpm 70a9ed912a5d693d894031ac47c32f09 2010.1/x86_64/apache-mpm-worker-2.2.15-3.3mdv2010.2.x86_64.rpm 0db5f7644597f37e44b99c5da59d84d9 2010.1/x86_64/apache-source-2.2.15-3.3mdv2010.2.x86_64.rpm b1f2f7b99fe4fed57b5f1c9b5d8f1f4d 2010.1/SRPMS/apache-2.2.15-3.3mdv2010.2.src.rpm Corporate 4.0: 6cb0c4739d8240c5cf749c1f86071b79 corporate/4.0/i586/apache-base-2.2.3-1.13.20060mlcs4.i586.rpm 1f5bff1627d07a0e9ab7541417cf3890 corporate/4.0/i586/apache-devel-2.2.3-1.13.20060mlcs4.i586.rpm 63fc24071e4c58bcacf8bd6b15b59f12 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.13.20060mlcs4.i586.rpm 39e139423c51fc720ac59874e13e58d5 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.13.20060mlcs4.i586.rpm 95ad8d5dffb33c87879fccd7ec910ffb corporate/4.0/i586/apache-mod_cache-2.2.3-1.13.20060mlcs4.i586.rpm c0e3f64d4a14836ed9713418a2a37a3b corporate/4.0/i586/apache-mod_dav-2.2.3-1.13.20060mlcs4.i586.rpm 73d6b23714a17b3fd5a5db143c9b2e2f corporate/4.0/i586/apache-mod_dbd-2.2.3-1.13.20060mlcs4.i586.rpm b6ab335ed0766b9de3f2664dd749016d corporate/4.0/i586/apache-mod_deflate-2.2.3-1.13.20060mlcs4.i586.rpm b51574552a760bdc34edb396fdcf1713 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.13.20060mlcs4.i586.rpm ab5c9ed4a99664edd26b98d4d10ce207 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.13.20060mlcs4.i586.rpm d42183bb46acf94d6210132a8960d796 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.13.20060mlcs4.i586.rpm 48e903f8cb741290da23053686e44874 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.13.20060mlcs4.i586.rpm 88d46c9bc3980a49dd3c8ee22b2e756c corporate/4.0/i586/apache-mod_proxy-2.2.3-1.13.20060mlcs4.i586.rpm 0c47f19fa12a16a547b4356fd3d65ef0 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.13.20060mlcs4.i586.rpm 94f14b2cccff878e5fbfada10a411234 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.13.20060mlcs4.i586.rpm 6c099d9fa38df92030808e1cfbea70f6 corporate/4.0/i586/apache-modules-2.2.3-1.13.20060mlcs4.i586.rpm 74745343711a6d62274fef26680cb7cb corporate/4.0/i586/apache-mod_userdir-2.2.3-1.13.20060mlcs4.i586.rpm 42407b409fcc55b28679496a515d2d3d corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.13.20060mlcs4.i586.rpm 949273655647845491bf7433ed6947f5 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.13.20060mlcs4.i586.rpm 1065b5ff5c0b493b11499fed06902455 corporate/4.0/i586/apache-source-2.2.3-1.13.20060mlcs4.i586.rpm 05cac55ce2e5fd0fa84e8cf7999b769c corporate/4.0/SRPMS/apache-2.2.3-1.13.20060mlcs4.src.rpm Corporate 4.0/X86_64: ab51e2d012c3d2260ae7494421ee76b7 corporate/4.0/x86_64/apache-base-2.2.3-1.13.20060mlcs4.x86_64.rpm 53e32a766a5687182810ccf3256ec45c corporate/4.0/x86_64/apache-devel-2.2.3-1.13.20060mlcs4.x86_64.rpm e5b009bd8f9201a0333374a0d76e9ed6 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.13.20060mlcs4.x86_64.rpm 9a228b8b08ffdb7601a0fcc9c13eb0a6 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.13.20060mlcs4.x86_64.rpm 216040d632883ac2f81ebcba986fa28c corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm ea200972e74b3de8b0c1c5d601e1b55f corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.13.20060mlcs4.x86_64.rpm d7a9816d96d0b52e088e0161d0b686b3 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.13.20060mlcs4.x86_64.rpm 997b77ebcccebf5cec8601d2a2205355 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.13.20060mlcs4.x86_64.rpm c4e8adc271e2806fb17a682bd480d450 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm deb5a46c8843982b01620d12d182c2f2 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm cf91402d2713a735ca5176f1fae748d4 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.13.20060mlcs4.x86_64.rpm 61eab13877dc720a0ad2c1c55bd27612 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.13.20060mlcs4.x86_64.rpm dd810b0e0cf871c2a29847014edaf12e corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.13.20060mlcs4.x86_64.rpm 2ae4e2b6a4f8e89894c10062e26c52f8 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.13.20060mlcs4.x86_64.rpm 63afd5a4dbfdbe53fc4fe77897a56288 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.13.20060mlcs4.x86_64.rpm dcc501e359941fd3a30ba45e6681cef5 corporate/4.0/x86_64/apache-modules-2.2.3-1.13.20060mlcs4.x86_64.rpm 4b7a6233d441e4f8b87dbe6557957b8c corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.13.20060mlcs4.x86_64.rpm dd1478de94663c57c76384dea1c13383 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.13.20060mlcs4.x86_64.rpm f14236bbe5ee8edcc69e35ff92baa699 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.13.20060mlcs4.x86_64.rpm f6f9428ee237c21cb75aa1f1f9f29981 corporate/4.0/x86_64/apache-source-2.2.3-1.13.20060mlcs4.x86_64.rpm 05cac55ce2e5fd0fa84e8cf7999b769c corporate/4.0/SRPMS/apache-2.2.3-1.13.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 8f2c047d79dc68e5109417c63e6341bc mes5/i586/apache-base-2.2.9-12.12mdvmes5.2.i586.rpm 40f90571fc968b477594a9edc1937aee mes5/i586/apache-devel-2.2.9-12.12mdvmes5.2.i586.rpm d48ca72adb7932a678b163779905c888 mes5/i586/apache-htcacheclean-2.2.9-12.12mdvmes5.2.i586.rpm 3c2949148e484d8ca2dcec6a77b68bf8 mes5/i586/apache-mod_authn_dbd-2.2.9-12.12mdvmes5.2.i586.rpm cff46a05b8b28bb318ab00b63f29c421 mes5/i586/apache-mod_cache-2.2.9-12.12mdvmes5.2.i586.rpm c01d753a6928dbb8b79309ad0ffc6bb7 mes5/i586/apache-mod_dav-2.2.9-12.12mdvmes5.2.i586.rpm 3d69d11a7f2ca0db8ef734f90b76cf47 mes5/i586/apache-mod_dbd-2.2.9-12.12mdvmes5.2.i586.rpm f9d11522f31e4eba56eab96b975aa271 mes5/i586/apache-mod_deflate-2.2.9-12.12mdvmes5.2.i586.rpm ce7e199d50c484dbaae4ac8a24fdfd8f mes5/i586/apache-mod_disk_cache-2.2.9-12.12mdvmes5.2.i586.rpm e13784109c7c987f161e62db23875e99 mes5/i586/apache-mod_file_cache-2.2.9-12.12mdvmes5.2.i586.rpm 0679925298a2b084fb835c8342ff2db6 mes5/i586/apache-mod_ldap-2.2.9-12.12mdvmes5.2.i586.rpm 18d8638b92b40111dc4c3d9061c4f954 mes5/i586/apache-mod_mem_cache-2.2.9-12.12mdvmes5.2.i586.rpm 4f2fb07cf38766b852c35f8ec84c4615 mes5/i586/apache-mod_proxy-2.2.9-12.12mdvmes5.2.i586.rpm 28b41c1d6e0898417715d91a8ae9c786 mes5/i586/apache-mod_proxy_ajp-2.2.9-12.12mdvmes5.2.i586.rpm e46a77e76f3a09d8ae3a1f13e8d73914 mes5/i586/apache-mod_ssl-2.2.9-12.12mdvmes5.2.i586.rpm 00732d13045c0503c471214f37dc7e7c mes5/i586/apache-modules-2.2.9-12.12mdvmes5.2.i586.rpm 4279cd7a1e58191ca58db6f23ce668af mes5/i586/apache-mod_userdir-2.2.9-12.12mdvmes5.2.i586.rpm f75d539d341234ffa941fc2ff95e1af9 mes5/i586/apache-mpm-event-2.2.9-12.12mdvmes5.2.i586.rpm 7dc2aac397b2764e9ffd2f62948fd5ac mes5/i586/apache-mpm-itk-2.2.9-12.12mdvmes5.2.i586.rpm bde67f65165d76bf16430e47d1fe0cb5 mes5/i586/apache-mpm-peruser-2.2.9-12.12mdvmes5.2.i586.rpm f437fcd2fd93bbe1b931035b1d5e7366 mes5/i586/apache-mpm-prefork-2.2.9-12.12mdvmes5.2.i586.rpm 990deab998e13f0e1f9b0705898265f7 mes5/i586/apache-mpm-worker-2.2.9-12.12mdvmes5.2.i586.rpm 60e73f359da6fb7f22e4f3e4221e9c47 mes5/i586/apache-source-2.2.9-12.12mdvmes5.2.i586.rpm f2081e47da0c06c0a01718c4fa6e615f mes5/SRPMS/apache-2.2.9-12.12mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 68c25a84b6281604cf34e9b8c28f1049 mes5/x86_64/apache-base-2.2.9-12.12mdvmes5.2.x86_64.rpm d1fea716c89eab4cf4c794770a1b6b4b mes5/x86_64/apache-devel-2.2.9-12.12mdvmes5.2.x86_64.rpm dea5767ddfd52f162ace3ae36cfae969 mes5/x86_64/apache-htcacheclean-2.2.9-12.12mdvmes5.2.x86_64.rpm 7834f28e7bed5dc4919d0ec2f53cd7c2 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.12mdvmes5.2.x86_64.rpm 322e4da0618785d76b197703d0b4ffeb mes5/x86_64/apache-mod_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm 47cdb78ab11983271844e601f2a818dd mes5/x86_64/apache-mod_dav-2.2.9-12.12mdvmes5.2.x86_64.rpm 60a44577f80f32aa1be156b74a15d55e mes5/x86_64/apache-mod_dbd-2.2.9-12.12mdvmes5.2.x86_64.rpm cd5e323d115b924886a8939072265d96 mes5/x86_64/apache-mod_deflate-2.2.9-12.12mdvmes5.2.x86_64.rpm 34c3f3579c313da8c2f3fc6376c6480f mes5/x86_64/apache-mod_disk_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm 41f634d505250b2ad795871311f83ef1 mes5/x86_64/apache-mod_file_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm e2d14257c9122287ea7a7e1ec80327b3 mes5/x86_64/apache-mod_ldap-2.2.9-12.12mdvmes5.2.x86_64.rpm 5d93d3561c9b8410e2603bc5f0edc50f mes5/x86_64/apache-mod_mem_cache-2.2.9-12.12mdvmes5.2.x86_64.rpm 9f5e94a9d87db50d479ddb17219d831d mes5/x86_64/apache-mod_proxy-2.2.9-12.12mdvmes5.2.x86_64.rpm 4923ba24f69c8dacbe56e9871e3b8cc4 mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.12mdvmes5.2.x86_64.rpm 22238b128d6dc133a5dae8066c2a18a7 mes5/x86_64/apache-mod_ssl-2.2.9-12.12mdvmes5.2.x86_64.rpm 694ab458009917d81721764e0aad57a9 mes5/x86_64/apache-modules-2.2.9-12.12mdvmes5.2.x86_64.rpm de18f38d71f2fc95d6fe782510cb26bd mes5/x86_64/apache-mod_userdir-2.2.9-12.12mdvmes5.2.x86_64.rpm 30858da82b560e8d18b85c2601e71851 mes5/x86_64/apache-mpm-event-2.2.9-12.12mdvmes5.2.x86_64.rpm a22541e594bfc4ea2de372941d938396 mes5/x86_64/apache-mpm-itk-2.2.9-12.12mdvmes5.2.x86_64.rpm c33ea0b752f5a394dbe7e27fad15182f mes5/x86_64/apache-mpm-peruser-2.2.9-12.12mdvmes5.2.x86_64.rpm 24d6c3ade6d8053562c5e14ce6b25250 mes5/x86_64/apache-mpm-prefork-2.2.9-12.12mdvmes5.2.x86_64.rpm 3b54d14149d52a44d130a2c45f48e79d mes5/x86_64/apache-mpm-worker-2.2.9-12.12mdvmes5.2.x86_64.rpm 33fab873f19b2cd2ac6c9fc87ecf7852 mes5/x86_64/apache-source-2.2.9-12.12mdvmes5.2.x86_64.rpm f2081e47da0c06c0a01718c4fa6e615f mes5/SRPMS/apache-2.2.9-12.12mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFOY4ZemqjQ0CJFipgRAqbCAJ9v2n0eNDDc2DYK3WqOifUDtsN+JACgkx4s 4pin0XPWifvtN+m/Z38bY+U= =IhYU -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Summary: Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 3 Extended Life Cycle Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (v. 3 ELS) - i386 Red Hat Enterprise Linux ES (v. 3 ELS) - i386 3. (CVE-2011-3192) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 732928 - CVE-2011-3192 httpd: multiple ranges DoS 6. Package List: Red Hat Enterprise Linux AS (v. 3 ELS): Source: httpd-2.0.46-78.ent.src.rpm i386: httpd-2.0.46-78.ent.i386.rpm httpd-debuginfo-2.0.46-78.ent.i386.rpm httpd-devel-2.0.46-78.ent.i386.rpm mod_ssl-2.0.46-78.ent.i386.rpm Red Hat Enterprise Linux ES (v. 3 ELS): Source: httpd-2.0.46-78.ent.src.rpm i386: httpd-2.0.46-78.ent.i386.rpm httpd-debuginfo-2.0.46-78.ent.i386.rpm httpd-devel-2.0.46-78.ent.i386.rpm mod_ssl-2.0.46-78.ent.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3192.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02997184 Version: 2 HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-09-08 Last Updated: 2011-09-08 ------------------------------------------------------------------------------ Potential Security Impact: Remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server. References: CVE-2011-3192, CVE-2011-0419 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION This bulletin will be revised when additional information becomes available. HP has provided the following software update to resolve these vulnerabilities. The update is available for download from the following location ftp://srt10606:P2xg=AD5@ftp.usa.hp.com or https://ftp.usa.hp.com/hprc/home with username srt10606 and password P2xg=AD5 HP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08 HP-UX 11i Release / Apache Depot name B.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot B.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot HP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier HP-UX 11i Release / Apache Depot name B.11.11 / Use work around suggested below B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 Alternatives to Installing the Preliminary Patch The Apache Software Foundation has documented work arounds. For customers not wanting to install the preliminary patch, the following are recommended. Note: that no patch is available for Apache 2.0.64.01. 2) Limit the size of the request field to a few hundred bytes. 3) Use mod_headers to completely disallow the use of Range headers. Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.18 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v3.18 HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.08 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 8 September 2011 Initial release Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp aWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C =MTc6 -----END PGP SIGNATURE----- . For more information: SA45606 The vulnerability is reported in the following products: * Oracle Fusion Middleware 11g versions 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0. * Oracle Application Server 10g versions 10.1.2.3.0 and 10.1.3.5.0. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Products ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46229 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46229/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46229 RELEASE DATE: 2011-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/46229/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46229/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46229 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a vulnerability in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service). ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-020/index.html http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-021/index.html http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-022/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

HP

SOURCES

LAST UPDATE DATE

2025-02-18T20:26:00.383000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE