Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
97 vulnerabilities found for HTTP Server by Apache
VAR-201908-0260
Vulnerability from variot - Updated: 2026-04-10 23:34Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd24-httpd and httpd24-nghttp2 security update Advisory ID: RHSA-2019:2949-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2949 Issue date: 2019-10-01 CVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517 ==================================================================== 1. Summary:
An update for httpd24-httpd and httpd24-nghttp2 is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.34-8.el6.1.src.rpm httpd24-nghttp2-1.7.1-7.el6.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
aarch64: httpd24-httpd-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm httpd24-mod_md-2.4.34-8.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm httpd24-mod_session-2.4.34-8.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-8.el7.1.src.rpm httpd24-nghttp2-1.7.1-7.el7.1.src.rpm
noarch: httpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm
x86_64: httpd24-httpd-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7 P6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S GjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2 Cm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI dbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip P+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh m2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM TWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV 2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2 XUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2 uqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl I52/ZH/L3O8=N7om -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================= Ubuntu Security Notice USN-4113-2 September 17, 2019
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4113-1 introduced a regression in Apache. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197)
Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10081)
Craig Young discovered that a read-after-free error existed in the HTTP/2 implementation in Apache during connection shutdown. A remote attacker could use this to possibly cause a denial of service (daemon crash) or possibly expose sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)
Matei Badanoiu discovered that the mod_proxy component of Apache did not properly filter URLs when reporting errors in some configurations. A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)
Daniel McCarney discovered that mod_remoteip component of Apache contained a stack buffer overflow when parsing headers from a trusted intermediary proxy in some situations. A remote attacker controlling a trusted proxy could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-10097)
Yukitsugu Sasaki discovered that the mod_rewrite component in Apache was vulnerable to open redirects in some situations. A remote attacker could use this to possibly expose sensitive information or bypass intended restrictions. (CVE-2019-10098)
Jonathan Looney discovered that the HTTP/2 implementation in Apache did not properly limit the amount of buffering for client connections in some situations. A remote attacker could use this to cause a denial of service (unresponsive daemon). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: apache2 2.4.38-2ubuntu2.3 apache2-bin 2.4.38-2ubuntu2.3
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.11 apache2-bin 2.4.29-1ubuntu4.11
Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.13 apache2-bin 2.4.18-2ubuntu3.13
In general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):
JBCS-826 - Rebase nghttp2 to 1.39.2
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link (you must log in to download the update).
CVE-2019-9517
Jonathan Looney reported that a malicious client could perform a
denial of service attack (exhausting h2 workers) by flooding a
connection with requests and basically never reading responses on
the TCP connection.
CVE-2019-10092
Matei "Mal" Badanoiu reported a limited cross-site scripting
vulnerability in the mod_proxy error page. This vulnerability could only be
triggered by a trusted proxy and not by untrusted HTTP clients. The
issue does not affect the stretch release.
CVE-2019-10098
Yukitsugu Sasaki reported a potential open redirect vulnerability in
the mod_rewrite module.
For the oldstable distribution (stretch), these problems have been fixed in version 2.4.25-3+deb9u8.
For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1kODxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RAEw/+OaEyxK9D+s1uIin5SkmJJ4buicbeEwh6Qwn03SCj5RYW+PbGaW67dSZN qcTGyJqU2YrY3y75q0S5V6GBvcg1+QRCbTAlZhUwALGmMpnfkPhn3q6uUXY8511i tZhKZYQa5ZVnpcDH2IF1EP+ilwK4q2uzMh1Wpz79PWLitWhk5dNMtjcjJ+KXP15C oOs3aeHheAkLGKE8drgLpYRSgx3ccD9i7lts6gr/uAJOW7pvQoY+SDOZvceU6/0A GIjOO56hw1tW6qkbDiG/sCYncVv6ZKTVsjhBJabw55kaIrReSnEMiWjqkV4BhCBF JjsewEBYZMV7DC+gkHKRoHHrSrI6gLYAFuTREXAjnf6fsPoVgX8hYkZ0QqH7F5zX dgSV7wpjjFzDb/iPkkncKJS1h11GlrM/6VhT1cr/6ZlHvqSAWlz0OUseRA9ii6Le jVxFTb7EAGsrEzK9SPhA/IbvIBj1UPQhjEgIthfImw4S+M5q40Oh0oKW+/FgzMqH LarHY+jQcOuGxE7T6EK4gozGxpLvpRhg8NcCzL/Vnst5JW7vr/F4R3H1NFk579tS RcXuBUy8+DkKecawPgP05zPxrhuAFIi89TkEMX3LyyA/Kn0KX+2KXabQll9Q2KYz Cn5eimlukcxKmWUxA3cJggcDj/80YgxE6wmFqHPtI/8Sx4XN0pY=v6GC -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64
3
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.1"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"_id": null,
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"_id": null,
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"_id": null,
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "retail xstore point of service",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.1"
},
{
"_id": null,
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"_id": null,
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"_id": null,
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"_id": null,
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "communications element manager",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.20"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.40"
},
{
"_id": null,
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"_id": null,
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"_id": null,
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"_id": null,
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 0.7
},
"cve": "CVE-2019-9517",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9517",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160952",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9517",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9517",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-943",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160952",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"description": {
"_id": null,
"data": "Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs8-nodejs (8.16.1). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd24-httpd and httpd24-nghttp2 security update\nAdvisory ID: RHSA-2019:2949-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2949\nIssue date: 2019-10-01\nCVE Names: CVE-2019-9511 CVE-2019-9513 CVE-2019-9517\n====================================================================\n1. Summary:\n\nAn update for httpd24-httpd and httpd24-nghttp2 is now available for Red\nHat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PRIORITY frames resulting in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el6.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el6.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el6.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.s390x.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.s390x.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.s390x.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-8.el7.1.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-8.el7.1.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_md-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_session-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-8.el7.1.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.1.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZM+I9zjgjWX9erEAQhZww/+KbkqyDmqC5wyM0PG3/ZbsAg8Odywrvl7\nP6oFYg8/Dsb5Tdrf6kZgHb6TFPYRqdptH5WTmLVedjvkvYgOeseVyzUCcjUgxP3S\nGjH1rGHQosMyRG82dyB3nexUnjJsDPQZ7kAnT3QS7WwzluY+jzBmQb54nEyfOK+2\nCm7MQbRJGS9igNGWlrbJpWA1caZkLDWpXxBNwmf1lh6LR/xOlbbEn3OnU4VFnIeI\ndbqAOP8DXSMvTFDvUuqZTJw2IjnWAYm2CJ3hi/BdRiAbsRtiIjFrQ3A3EaObt3ip\nP+FEXawj7/NzwMEFZu5Los+bJBH21Gdr44d0iS1FQYYC41rz0g1KVHizFVkFT2Hh\nm2YI65XlEd393dQMCtfrZIArZt87dBkU4JCBvKPYQ9+cF3PMR5ZzHSI2iSJ67iZM\nTWxkZv5mrI7DXZooOMfrW7aX8eyKk9PZy/iU24Iu8rJ4d9WZto9oDXZb4RwrurfV\n2HB7wOpDz3duWsCJojE8lbpWJ8PswajfaruJq/jX7Za++v7F7GyTbSOgsAQAfDY2\nXUTGiYzbrZmaIKaP3REWwTn+xTJBh8mqvUA2E+KvZzSn8fBEry8GIUsIKmxxzsz2\nuqDSPyZ4Q5UO1nwLXpghkz/S1/JJztzbpLn1BJuISsTmR12R5a2Zrd8wcqpn9SOl\nI52/ZH/L3O8=N7om\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. =========================================================================\nUbuntu Security Notice USN-4113-2\nSeptember 17, 2019\n\napache2 regression\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-4113-1 introduced a regression in Apache. \nUnfortunately, that update introduced a regression when proxying\nbalancer manager connections in some configurations. This update\nfixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Stefan Eissing discovered that the HTTP/2 implementation in Apache\n did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in\n some situations. A remote attacker could use this to cause a denial\n of service (daemon crash). This issue only affected Ubuntu 18.04 LTS\n and Ubuntu 19.04. (CVE-2019-0197)\n\n Craig Young discovered that a memory overwrite error existed in\n Apache when performing HTTP/2 very early pushes in some situations. A\n remote attacker could use this to cause a denial of service (daemon\n crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. \n (CVE-2019-10081)\n\n Craig Young discovered that a read-after-free error existed in the\n HTTP/2 implementation in Apache during connection shutdown. A remote\n attacker could use this to possibly cause a denial of service (daemon\n crash) or possibly expose sensitive information. This issue only\n affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-10082)\n\n Matei Badanoiu discovered that the mod_proxy component of\n Apache did not properly filter URLs when reporting errors in some\n configurations. A remote attacker could possibly use this issue to\n conduct cross-site scripting (XSS) attacks. (CVE-2019-10092)\n\n Daniel McCarney discovered that mod_remoteip component of Apache\n contained a stack buffer overflow when parsing headers from a trusted\n intermediary proxy in some situations. A remote attacker controlling a\n trusted proxy could use this to cause a denial of service or possibly\n execute arbitrary code. This issue only affected Ubuntu 19.04. \n (CVE-2019-10097)\n\n Yukitsugu Sasaki discovered that the mod_rewrite component in Apache\n was vulnerable to open redirects in some situations. A remote attacker\n could use this to possibly expose sensitive information or bypass\n intended restrictions. (CVE-2019-10098)\n\n Jonathan Looney discovered that the HTTP/2 implementation in Apache did\n not properly limit the amount of buffering for client connections in\n some situations. A remote attacker could use this to cause a denial\n of service (unresponsive daemon). This issue only affected Ubuntu\n 18.04 LTS and Ubuntu 19.04. (CVE-2019-9517)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n apache2 2.4.38-2ubuntu2.3\n apache2-bin 2.4.38-2ubuntu2.3\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.11\n apache2-bin 2.4.29-1ubuntu4.11\n\nUbuntu 16.04 LTS:\n apache2 2.4.18-2ubuntu3.13\n apache2-bin 2.4.18-2ubuntu3.13\n\nIn general, a standard system update will make all the necessary changes. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-826 - Rebase nghttp2 to 1.39.2\n\n7. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nCVE-2019-9517\n\n Jonathan Looney reported that a malicious client could perform a\n denial of service attack (exhausting h2 workers) by flooding a\n connection with requests and basically never reading responses on\n the TCP connection. \n\nCVE-2019-10092\n\n Matei \"Mal\" Badanoiu reported a limited cross-site scripting\n vulnerability in the mod_proxy error page. This vulnerability could only be\n triggered by a trusted proxy and not by untrusted HTTP clients. The\n issue does not affect the stretch release. \n\nCVE-2019-10098\n\n Yukitsugu Sasaki reported a potential open redirect vulnerability in\n the mod_rewrite module. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 2.4.25-3+deb9u8. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1kODxfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0RAEw/+OaEyxK9D+s1uIin5SkmJJ4buicbeEwh6Qwn03SCj5RYW+PbGaW67dSZN\nqcTGyJqU2YrY3y75q0S5V6GBvcg1+QRCbTAlZhUwALGmMpnfkPhn3q6uUXY8511i\ntZhKZYQa5ZVnpcDH2IF1EP+ilwK4q2uzMh1Wpz79PWLitWhk5dNMtjcjJ+KXP15C\noOs3aeHheAkLGKE8drgLpYRSgx3ccD9i7lts6gr/uAJOW7pvQoY+SDOZvceU6/0A\nGIjOO56hw1tW6qkbDiG/sCYncVv6ZKTVsjhBJabw55kaIrReSnEMiWjqkV4BhCBF\nJjsewEBYZMV7DC+gkHKRoHHrSrI6gLYAFuTREXAjnf6fsPoVgX8hYkZ0QqH7F5zX\ndgSV7wpjjFzDb/iPkkncKJS1h11GlrM/6VhT1cr/6ZlHvqSAWlz0OUseRA9ii6Le\njVxFTb7EAGsrEzK9SPhA/IbvIBj1UPQhjEgIthfImw4S+M5q40Oh0oKW+/FgzMqH\nLarHY+jQcOuGxE7T6EK4gozGxpLvpRhg8NcCzL/Vnst5JW7vr/F4R3H1NFk579tS\nRcXuBUy8+DkKecawPgP05zPxrhuAFIi89TkEMX3LyyA/Kn0KX+2KXabQll9Q2KYz\nCn5eimlukcxKmWUxA3cJggcDj/80YgxE6wmFqHPtI/8Sx4XN0pY=v6GC\n-----END PGP SIGNATURE-----\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9517"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154506"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154227"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-9517",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/08/15/7",
"trust": 1.7
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "154227",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.4295",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3243",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4403",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3133",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "154590",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-160952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154712",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154506",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154697",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154506"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154227"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"id": "VAR-201908-0260",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160952"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:34:01.956000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96626"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4509"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 2.3,
"url": "https://usn.ubuntu.com/4113-1/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2946"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2949"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/47"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0003/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201909-04"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/08/15/7"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2893"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2950"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k02591030"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb%40%3cannounce.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c%40%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bp556leg3wenhzi5taq6zebftjb4e2is/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xhtku7yq5eep2xnsav4m4vj7qcbojmod/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev."
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce."
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/be1e153d17bb9e32d43a38f176d93bf8a9f7568f5c8f3f5e5ebf76cd@%3cannounce."
},
{
"trust": 0.6,
"url": "httpd-six-vulnerabilities-30057"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4403/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "http-2-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9514-cve-2019-9512-cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-console-and-rest-api-are-vulnerable-to-multiple-denial-of-service-attacks-within-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3243/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4295/"
},
{
"trust": 0.6,
"url": "http-2-implementation-used-by-watson-knowledge-catalog-for-ibm-cloud-pak-for-data/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/154227/debian-security-advisory-4509-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3301/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3133/"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10082"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10081"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10097"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10098"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10092"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k02591030?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3cannounce.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3cdev.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4113-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1842701"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.38-2ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.11"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4113-1"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0922"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160952"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "154712"
},
{
"db": "PACKETSTORM",
"id": "154699"
},
{
"db": "PACKETSTORM",
"id": "154506"
},
{
"db": "PACKETSTORM",
"id": "154697"
},
{
"db": "PACKETSTORM",
"id": "155416"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154227"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
},
{
"db": "NVD",
"id": "CVE-2019-9517"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-160952",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154506",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154697",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "156852",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154227",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-943",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-9517",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160952",
"ident": null
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"date": "2019-10-02T15:03:59",
"db": "PACKETSTORM",
"id": "154712",
"ident": null
},
{
"date": "2019-10-01T20:46:00",
"db": "PACKETSTORM",
"id": "154699",
"ident": null
},
{
"date": "2019-09-17T16:48:23",
"db": "PACKETSTORM",
"id": "154506",
"ident": null
},
{
"date": "2019-10-01T20:45:33",
"db": "PACKETSTORM",
"id": "154697",
"ident": null
},
{
"date": "2019-11-20T20:55:55",
"db": "PACKETSTORM",
"id": "155416",
"ident": null
},
{
"date": "2020-03-23T15:57:42",
"db": "PACKETSTORM",
"id": "156852",
"ident": null
},
{
"date": "2019-08-27T13:29:10",
"db": "PACKETSTORM",
"id": "154227",
"ident": null
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663",
"ident": null
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-943",
"ident": null
},
{
"date": "2019-08-13T21:15:12.647000",
"db": "NVD",
"id": "CVE-2019-9517",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641",
"ident": null
},
{
"date": "2023-01-19T00:00:00",
"db": "VULHUB",
"id": "VHN-160952",
"ident": null
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-943",
"ident": null
},
{
"date": "2025-01-14T19:29:55.853000",
"db": "NVD",
"id": "CVE-2019-9517",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-943"
}
],
"trust": 0.6
}
}
VAR-202404-0120
Vulnerability from variot - Updated: 2026-04-10 23:30Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58. Apache Software Foundation of Apache HTTP Server A vulnerability exists in products from multiple vendors, including improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-6729-2 April 17, 2024
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709)
Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2024-24795)
Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. (CVE-2024-27316)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro): apache2 2.4.29-1ubuntu4.27+esm2
Ubuntu 16.04 LTS (Available with Ubuntu Pro): apache2 2.4.18-2ubuntu3.17+esm12
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6729-2 https://ubuntu.com/security/notices/USN-6729-1 CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
.
For the oldstable distribution (bullseye), these problems have been fixed in version 2.4.59-1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 2.4.59-1~deb12u1.
We recommend that you upgrade your apache2 packages.
The following advisory data is extracted from:
https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
==================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update Advisory ID: RHSA-2024:6927-03 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2024:6927 Issue date: 2024-09-24 Revision: 03 CVE Names: CVE-2023-38709 ====================================================================
Summary:
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
- jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-31
https://security.gentoo.org/
Severity: Low Title: Apache HTTPD: Multiple Vulnerabilities Date: September 28, 2024 Bugs: #928540, #935296, #935427, #936257 ID: 202409-31
Synopsis
Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service.
Affected packages
Package Vulnerable Unaffected
www-servers/apache < 2.4.62 >= 2.4.62
Description
Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"
References
[ 1 ] CVE-2023-38709 https://nvd.nist.gov/vuln/detail/CVE-2023-38709 [ 2 ] CVE-2024-24795 https://nvd.nist.gov/vuln/detail/CVE-2024-24795 [ 3 ] CVE-2024-27316 https://nvd.nist.gov/vuln/detail/CVE-2024-27316 [ 4 ] CVE-2024-36387 https://nvd.nist.gov/vuln/detail/CVE-2024-36387 [ 5 ] CVE-2024-38472 https://nvd.nist.gov/vuln/detail/CVE-2024-38472 [ 6 ] CVE-2024-38473 https://nvd.nist.gov/vuln/detail/CVE-2024-38473 [ 7 ] CVE-2024-38474 https://nvd.nist.gov/vuln/detail/CVE-2024-38474 [ 8 ] CVE-2024-38475 https://nvd.nist.gov/vuln/detail/CVE-2024-38475 [ 9 ] CVE-2024-38476 https://nvd.nist.gov/vuln/detail/CVE-2024-38476 [ 10 ] CVE-2024-38477 https://nvd.nist.gov/vuln/detail/CVE-2024-38477 [ 11 ] CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 [ 12 ] CVE-2024-39884 https://nvd.nist.gov/vuln/detail/CVE-2024-39884 [ 13 ] CVE-2024-40725 https://nvd.nist.gov/vuln/detail/CVE-2024-40725 [ 14 ] CVE-2024-40898 https://nvd.nist.gov/vuln/detail/CVE-2024-40898
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202409-31
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-07-29-2024-4 macOS Sonoma 14.6
macOS Sonoma 14.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT214119.
Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent software updates with security advisories.
Accounts Available for: macOS Sonoma Impact: A malicious application may be able to access private information Description: The issue was addressed with improved checks. CVE-2024-40804: IES Red Team of ByteDance
apache Available for: macOS Sonoma Impact: Multiple issues in apache Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2023-38709: Yeto CVE-2024-24795: Yeto CVE-2024-27316: Yeto
APFS Available for: macOS Sonoma Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with improved restriction of data container access. CVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji
AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: A downgrade issue was addressed with additional code- signing restrictions. CVE-2024-40774: Mickey Jin (@patch1t) CVE-2024-40814: Mickey Jin (@patch1t)
AppleMobileFileIntegrity Available for: macOS Sonoma Impact: An app may be able to leak sensitive user information Description: A downgrade issue was addressed with additional code- signing restrictions. CVE-2024-40775: Mickey Jin (@patch1t)
AppleVA Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: The issue was addressed with improved memory handling. CVE-2024-27877: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
ASP TCP Available for: macOS Sonoma Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2024-27878: CertiK SkyFall Team
CoreGraphics Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2024-40799: D4m0n
CoreMedia Available for: macOS Sonoma Impact: Processing a maliciously crafted video file may lead to unexpected app termination Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2024-27873: Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations
curl Available for: macOS Sonoma Impact: Multiple issues in curl Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-2004 CVE-2024-2379 CVE-2024-2398 CVE-2024-2466
DesktopServices Available for: macOS Sonoma Impact: An app may be able to overwrite arbitrary files Description: The issue was addressed with improved checks. CVE-2024-40827: an anonymous researcher
dyld Available for: macOS Sonoma Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with additional validation. CVE-2024-40815: w0wbox
Family Sharing Available for: macOS Sonoma Impact: An app may be able to read sensitive location information Description: This issue was addressed with improved data protection. CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji
ImageIO Available for: macOS Sonoma Impact: Processing an image may lead to a denial-of-service Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2023-6277 CVE-2023-52356
ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2024-40806: Yisumi
ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-40777: Junsung Lee working with Trend Micro Zero Day Initiative, and Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations
ImageIO Available for: macOS Sonoma Impact: Processing a maliciously crafted file may lead to unexpected app termination Description: An integer overflow was addressed with improved input validation. CVE-2024-40784: Junsung Lee working with Trend Micro Zero Day Initiative, Gandalf4a
Kernel Available for: macOS Sonoma Impact: A local attacker may be able to determine kernel memory layout Description: An information disclosure issue was addressed with improved private data redaction for log entries. CVE-2024-27863: CertiK SkyFall Team
Kernel Available for: macOS Sonoma Impact: A local attacker may be able to cause unexpected system shutdown Description: An out-of-bounds read was addressed with improved input validation. CVE-2024-40816: sqrtpwn
Kernel Available for: macOS Sonoma Impact: A local attacker may be able to cause unexpected system shutdown Description: A type confusion issue was addressed with improved memory handling. CVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University
Keychain Access Available for: macOS Sonoma Impact: An attacker may be able to cause unexpected app termination Description: A type confusion issue was addressed with improved checks. CVE-2024-40803: Patrick Wardle of DoubleYou & the Objective-See Foundation
libxpc Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: A permissions issue was addressed with additional restrictions. CVE-2024-40805
Messages Available for: macOS Sonoma Impact: An app may be able to view a contact's phone number in system logs Description: The issue was addressed with improved checks. CVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)
NetworkExtension Available for: macOS Sonoma Impact: Private browsing may leak some browsing history Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-40796: Adam M.
OpenSSH Available for: macOS Sonoma Impact: A remote attacker may be able to cause arbitrary code execution Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. CVE-2024-6387
PackageKit Available for: macOS Sonoma Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved checks. CVE-2024-40781: Mickey Jin (@patch1t) CVE-2024-40802: Mickey Jin (@patch1t)
PackageKit Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: The issue was addressed with improved checks. CVE-2024-40823: Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong
PackageKit Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: A permissions issue was addressed with additional restrictions. CVE-2024-27882: Mickey Jin (@patch1t) CVE-2024-27883: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of Kandji
Photos Storage Available for: macOS Sonoma Impact: Photos in the Hidden Photos Album may be viewed without authentication Description: An authentication issue was addressed with improved state management. CVE-2024-40778: Mateen Alinaghi
Restore Framework Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: An input validation issue was addressed with improved input validation. CVE-2024-40800: Claudio Bozzato and Francesco Benvenuto of Cisco Talos
Safari Available for: macOS Sonoma Impact: An app may bypass Gatekeeper checks Description: A race condition was addressed with improved locking. CVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security
Safari Available for: macOS Sonoma Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. CVE-2024-40817: Yadhu Krishna M and Narendra Bhati, Manager of Cyber Security At Suma Soft Pvt. Ltd, Pune (India)
Sandbox Available for: macOS Sonoma Impact: An app may be able to bypass Privacy preferences Description: This issue was addressed through improved state management. CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong
Sandbox Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: A path handling issue was addressed with improved validation. CVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of Kandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong
Scripting Bridge Available for: macOS Sonoma Impact: An app may be able to access information about a user’s contacts Description: A privacy issue was addressed with improved private data redaction for log entries. CVE-2024-27881: Kirin (@Pwnrin)
Security Available for: macOS Sonoma Impact: Third party app extensions may not receive the correct sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2024-40821: Joshua Jones
Security Available for: macOS Sonoma Impact: An app may be able to read Safari's browsing history Description: This issue was addressed with improved redaction of sensitive information. CVE-2024-40798: Adam M.
Security Initialization Available for: macOS Sonoma Impact: An app may be able to access protected user data Description: This issue was addressed with improved validation of symlinks. CVE-2024-27872: Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong
Setup Assistant Available for: macOS Sonoma Impact: Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled Description: A logic issue was addressed with improved state management. CVE-2024-27862: Jiwon Park
Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user Description: A logic issue was addressed with improved checks. CVE-2024-40833: an anonymous researcher CVE-2024-40835: an anonymous researcher CVE-2024-40836: an anonymous researcher CVE-2024-40807: an anonymous researcher
Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass sensitive Shortcuts app settings Description: This issue was addressed by adding an additional prompt for user consent. CVE-2024-40834: Marcio Almeida from Tanto Security
Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass Internet permission requirements Description: A logic issue was addressed with improved checks. CVE-2024-40809: an anonymous researcher CVE-2024-40812: an anonymous researcher
Shortcuts Available for: macOS Sonoma Impact: A shortcut may be able to bypass Internet permission requirements Description: This issue was addressed by adding an additional prompt for user consent. CVE-2024-40787: an anonymous researcher
Shortcuts Available for: macOS Sonoma Impact: An app may be able to access user-sensitive data Description: This issue was addressed by removing the vulnerable code. CVE-2024-40793: Kirin (@Pwnrin)
Siri Available for: macOS Sonoma Impact: An attacker with physical access may be able to use Siri to access sensitive user data Description: This issue was addressed by restricting options offered on a locked device. CVE-2024-40818: Bistrit Dahal and Srijan Poudel
Siri Available for: macOS Sonoma Impact: An attacker with physical access to a device may be able to access contacts from the lock screen Description: This issue was addressed by restricting options offered on a locked device. CVE-2024-40822: Srijan Poudel
StorageKit Available for: macOS Sonoma Impact: A malicious app may be able to gain root privileges Description: The issue was addressed with improved checks. CVE-2024-40828: Mickey Jin (@patch1t)
sudo Available for: macOS Sonoma Impact: An app may be able to modify protected parts of the file system Description: The issue was addressed with improved checks. CVE-2024-40811: Arsenii Kostromin (0x3c3e)
WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 273176 CVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab WebKit Bugzilla: 268770 CVE-2024-40782: Maksymilian Motyl
WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds read was addressed with improved bounds checking. WebKit Bugzilla: 275431 CVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab WebKit Bugzilla: 275273 CVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab
WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. WebKit Bugzilla: 273805 CVE-2024-40785: Johan Carlsson (joaxcar)
WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with Trend Micro Zero Day Initiative
WebKit Available for: macOS Sonoma Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org. WebKit Bugzilla: 274165 CVE-2024-4558
WebKit Available for: macOS Sonoma Impact: Private Browsing tabs may be accessed without authentication Description: This issue was addressed through improved state management. WebKit Bugzilla: 275272 CVE-2024-40794: Matthew Butler
Additional recognition
AirDrop We would like to acknowledge Linwz of DEVCORE for their assistance.
DiskArbitration We would like to acknowledge Yann GASCUEL of Alter Solutions for their assistance.
Image Capture We would like to acknowledge an anonymous researcher for their assistance.
Shortcuts We would like to acknowledge an anonymous researcher for their assistance.
WebKit We would like to acknowledge an anonymous researcher for their assistance.
macOS Sonoma 14.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Releases web site: https://support.apple.com/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoH5kACgkQX+5d1TXa IvoS9g/9FoLSV93tVrIOZIM4w/BEZRFu/T1DfMPzOsZsOrvaQicKq7ezW+pRrMXI G0QBIz1QGCYZikcbyQOpgzl9Rk7ckfq+mMCn1ESWku1DbR6MOU7lZEpWRsjYStQY ra6BRT45GPtGG0YFyQXGnxMoS5IXopV5tmgQ4M4585xXso4/Dw192Vq/68NPIB2V ywa6fCo6VC7/hHMe0v5GFVJzmSymEYF3b0CNHZVFx1K793hHrYjH1Dj4NcRlqyln Kp3IrABhPPW8l67gS6f8RicZwzWOH3Ubwv4kivlTtDusqeX+/7mlXrvGTYd5G39P 70jSwUeekfYkQYGT5yLjFCOTM98ApG4iHnryEkpNldMk9JRozoN3VT5PDv6b7EtR YsG1UiZNn0rq1TurFHdsX7G8LZX1jBe1XNy883FeuPlXuPQwGcds+Q5UpiGoM5Kj xx0SGiaK4Lg9tOsGDvHDvrtgl9vIGYy07953Gre+xUhdNs+AnG8KhwKs+n3WYjcL lH3ffMkq/NTVohaNaIcNk4YQ7Y5+y9Y0Z2YuYTmaOipxMNEpOnvJj6LB1H5Qgj4M LIuUxs1gl2b7B93J95w8FmdFewvUCgcZwTxU2ltsYAcZHnRwWE0twYP5v1Pc8tOG MZuvS0pTI+hgve1viS0inOnRpoYv+KzkaSYEhvsS16NgDuRUOqE= =eOPj -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ontap tools",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "10"
},
{
"_id": null,
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "9"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.59"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "40"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.6"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "39"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "38"
},
{
"_id": null,
"model": "ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "14.6"
},
{
"_id": null,
"model": "ontap tools",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "fabric operating system",
"scope": null,
"trust": 0.8,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
},
{
"db": "NVD",
"id": "CVE-2023-38709"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "179274"
},
{
"db": "PACKETSTORM",
"id": "181748"
},
{
"db": "PACKETSTORM",
"id": "181747"
},
{
"db": "PACKETSTORM",
"id": "182614"
}
],
"trust": 0.4
},
"cve": "CVE-2023-38709",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2023-38709",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-029234",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2023-38709",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-029234",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
},
{
"db": "NVD",
"id": "CVE-2023-38709"
}
]
},
"description": {
"_id": null,
"data": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. \n\nThis issue affects Apache HTTP Server: through 2.4.58. Apache Software Foundation of Apache HTTP Server A vulnerability exists in products from multiple vendors, including improper validation of quantities specified in input.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-6729-2\nApril 17, 2024\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS (Available with Ubuntu Pro)\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. \n\nOriginal advisory details:\n\n Orange Tsai discovered that the Apache HTTP Server incorrectly handled\n validating certain input. A remote attacker could possibly use this\n issue to perform HTTP request splitting attacks. (CVE-2023-38709)\n\n Keran Mu and Jianjun Chen discovered that the Apache HTTP Server\n incorrectly handled validating certain input. A remote attacker could\n possibly use this issue to perform HTTP request splitting attacks. \n (CVE-2024-24795)\n\n Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled endless continuation frames. A remote attacker could\n possibly use this issue to cause the server to consume resources, leading\n to a denial of service. This issue was addressed only in Ubuntu 18.04 LTS. \n (CVE-2024-27316)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS (Available with Ubuntu Pro):\n apache2 2.4.29-1ubuntu4.27+esm2\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n apache2 2.4.18-2ubuntu3.17+esm12\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://ubuntu.com/security/notices/USN-6729-2\n https://ubuntu.com/security/notices/USN-6729-1\n CVE-2023-38709, CVE-2024-24795, CVE-2024-27316\n\n. \n\nFor the oldstable distribution (bullseye), these problems have been fixed\nin version 2.4.59-1~deb11u1. \n\nFor the stable distribution (bookworm), these problems have been fixed in\nversion 2.4.59-1~deb12u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nThe following advisory data is extracted from:\n\nhttps://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json\n\nRed Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat\u0027s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. \n\n- Packet Storm Staff\n\n\n\n\n====================================================================\nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP6 security update\nAdvisory ID: RHSA-2024:6927-03\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2024:6927\nIssue date: 2024-09-24\nRevision: 03\nCVE Names: CVE-2023-38709\n====================================================================\n\nSummary: \n\nRed Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 is now available. \n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. \n\n\n\n\nDescription:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 6 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 5, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. \n\nSecurity Fix(es):\n\n* jbcs-httpd24-httpd: HTTP response splitting (CVE-2023-38709)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202409-31\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: September 28, 2024\n Bugs: #928540, #935296, #935427, #936257\n ID: 202409-31\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache HTTPD, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n------------------ ------------ ------------\nwww-servers/apache \u003c 2.4.62 \u003e= 2.4.62\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.62\"\n\nReferences\n==========\n\n[ 1 ] CVE-2023-38709\n https://nvd.nist.gov/vuln/detail/CVE-2023-38709\n[ 2 ] CVE-2024-24795\n https://nvd.nist.gov/vuln/detail/CVE-2024-24795\n[ 3 ] CVE-2024-27316\n https://nvd.nist.gov/vuln/detail/CVE-2024-27316\n[ 4 ] CVE-2024-36387\n https://nvd.nist.gov/vuln/detail/CVE-2024-36387\n[ 5 ] CVE-2024-38472\n https://nvd.nist.gov/vuln/detail/CVE-2024-38472\n[ 6 ] CVE-2024-38473\n https://nvd.nist.gov/vuln/detail/CVE-2024-38473\n[ 7 ] CVE-2024-38474\n https://nvd.nist.gov/vuln/detail/CVE-2024-38474\n[ 8 ] CVE-2024-38475\n https://nvd.nist.gov/vuln/detail/CVE-2024-38475\n[ 9 ] CVE-2024-38476\n https://nvd.nist.gov/vuln/detail/CVE-2024-38476\n[ 10 ] CVE-2024-38477\n https://nvd.nist.gov/vuln/detail/CVE-2024-38477\n[ 11 ] CVE-2024-39573\n https://nvd.nist.gov/vuln/detail/CVE-2024-39573\n[ 12 ] CVE-2024-39884\n https://nvd.nist.gov/vuln/detail/CVE-2024-39884\n[ 13 ] CVE-2024-40725\n https://nvd.nist.gov/vuln/detail/CVE-2024-40725\n[ 14 ] CVE-2024-40898\n https://nvd.nist.gov/vuln/detail/CVE-2024-40898\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202409-31\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-07-29-2024-4 macOS Sonoma 14.6\n\nmacOS Sonoma 14.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT214119. \n\nApple maintains a Security Releases page at\nhttps://support.apple.com/HT201222 which lists recent\nsoftware updates with security advisories. \n\nAccounts\nAvailable for: macOS Sonoma\nImpact: A malicious application may be able to access private\ninformation\nDescription: The issue was addressed with improved checks. \nCVE-2024-40804: IES Red Team of ByteDance\n\napache\nAvailable for: macOS Sonoma\nImpact: Multiple issues in apache\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2023-38709: Yeto\nCVE-2024-24795: Yeto\nCVE-2024-27316: Yeto\n\nAPFS\nAvailable for: macOS Sonoma\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with improved restriction of data\ncontainer access. \nCVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji\n\nAppleMobileFileIntegrity\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: A downgrade issue was addressed with additional code-\nsigning restrictions. \nCVE-2024-40774: Mickey Jin (@patch1t)\nCVE-2024-40814: Mickey Jin (@patch1t)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Sonoma\nImpact: An app may be able to leak sensitive user information\nDescription: A downgrade issue was addressed with additional code-\nsigning restrictions. \nCVE-2024-40775: Mickey Jin (@patch1t)\n\nAppleVA\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: The issue was addressed with improved memory handling. \nCVE-2024-27877: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nASP TCP\nAvailable for: macOS Sonoma\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: A buffer overflow issue was addressed with improved memory\nhandling. \nCVE-2024-27878: CertiK SkyFall Team\n\nCoreGraphics\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2024-40799: D4m0n\n\nCoreMedia\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted video file may lead to\nunexpected app termination\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2024-27873: Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter\nAdversary Operations\n\ncurl\nAvailable for: macOS Sonoma\nImpact: Multiple issues in curl\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2024-2004\nCVE-2024-2379\nCVE-2024-2398\nCVE-2024-2466\n\nDesktopServices\nAvailable for: macOS Sonoma\nImpact: An app may be able to overwrite arbitrary files\nDescription: The issue was addressed with improved checks. \nCVE-2024-40827: an anonymous researcher\n\ndyld\nAvailable for: macOS Sonoma\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with additional validation. \nCVE-2024-40815: w0wbox\n\nFamily Sharing\nAvailable for: macOS Sonoma\nImpact: An app may be able to read sensitive location information\nDescription: This issue was addressed with improved data protection. \nCVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing an image may lead to a denial-of-service\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2023-6277\nCVE-2023-52356\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2024-40806: Yisumi\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An out-of-bounds access issue was addressed with improved\nbounds checking. \nCVE-2024-40777: Junsung Lee working with Trend Micro Zero Day\nInitiative, and Amir Bazine and Karsten K\u00f6nig of CrowdStrike Counter\nAdversary Operations\n\nImageIO\nAvailable for: macOS Sonoma\nImpact: Processing a maliciously crafted file may lead to unexpected app\ntermination\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2024-40784: Junsung Lee working with Trend Micro Zero Day\nInitiative, Gandalf4a\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to determine kernel memory layout\nDescription: An information disclosure issue was addressed with improved\nprivate data redaction for log entries. \nCVE-2024-27863: CertiK SkyFall Team\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to cause unexpected system shutdown\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2024-40816: sqrtpwn\n\nKernel\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to cause unexpected system shutdown\nDescription: A type confusion issue was addressed with improved memory\nhandling. \nCVE-2024-40788: Minghao Lin and Jiaxun Zhu from Zhejiang University\n\nKeychain Access\nAvailable for: macOS Sonoma\nImpact: An attacker may be able to cause unexpected app termination\nDescription: A type confusion issue was addressed with improved checks. \nCVE-2024-40803: Patrick Wardle of DoubleYou \u0026 the Objective-See\nFoundation\n\nlibxpc\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2024-40805\n\nMessages\nAvailable for: macOS Sonoma\nImpact: An app may be able to view a contact\u0027s phone number in system\nlogs\nDescription: The issue was addressed with improved checks. \nCVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)\n\nNetworkExtension\nAvailable for: macOS Sonoma\nImpact: Private browsing may leak some browsing history\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2024-40796: Adam M. \n\nOpenSSH\nAvailable for: macOS Sonoma\nImpact: A remote attacker may be able to cause arbitrary code execution\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nCVE-2024-6387\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved checks. \nCVE-2024-40781: Mickey Jin (@patch1t)\nCVE-2024-40802: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: An app may be able to access user-sensitive data\nDescription: The issue was addressed with improved checks. \nCVE-2024-40823: Zhongquan Li (@Guluisacat) from Dawn Security Lab of\nJingDong\n\nPackageKit\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: A permissions issue was addressed with additional\nrestrictions. \nCVE-2024-27882: Mickey Jin (@patch1t)\nCVE-2024-27883: Mickey Jin (@patch1t), and Csaba Fitzl (@theevilbit) of\nKandji\n\nPhotos Storage\nAvailable for: macOS Sonoma\nImpact: Photos in the Hidden Photos Album may be viewed without\nauthentication\nDescription: An authentication issue was addressed with improved state\nmanagement. \nCVE-2024-40778: Mateen Alinaghi\n\nRestore Framework\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: An input validation issue was addressed with improved input\nvalidation. \nCVE-2024-40800: Claudio Bozzato and Francesco Benvenuto of Cisco Talos\n\nSafari\nAvailable for: macOS Sonoma\nImpact: An app may bypass Gatekeeper checks\nDescription: A race condition was addressed with improved locking. \nCVE-2023-27952: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSafari\nAvailable for: macOS Sonoma\nImpact: Visiting a website that frames malicious content may lead to UI\nspoofing\nDescription: The issue was addressed with improved UI handling. \nCVE-2024-40817: Yadhu Krishna M and Narendra Bhati, Manager of Cyber\nSecurity At Suma Soft Pvt. Ltd, Pune (India)\n\nSandbox\nAvailable for: macOS Sonoma\nImpact: An app may be able to bypass Privacy preferences\nDescription: This issue was addressed through improved state management. \nCVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and\nZhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong\n\nSandbox\nAvailable for: macOS Sonoma\nImpact: An app may be able to access protected user data\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2024-27871: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of\nKandji, and Zhongquan Li (@Guluisacat) of Dawn Security Lab of JingDong\n\nScripting Bridge\nAvailable for: macOS Sonoma\nImpact: An app may be able to access information about a user\u2019s contacts\nDescription: A privacy issue was addressed with improved private data\nredaction for log entries. \nCVE-2024-27881: Kirin (@Pwnrin)\n\nSecurity\nAvailable for: macOS Sonoma\nImpact: Third party app extensions may not receive the correct sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2024-40821: Joshua Jones\n\nSecurity\nAvailable for: macOS Sonoma\nImpact: An app may be able to read Safari\u0027s browsing history\nDescription: This issue was addressed with improved redaction of\nsensitive information. \nCVE-2024-40798: Adam M. \n\nSecurity Initialization\nAvailable for: macOS Sonoma\nImpact: An app may be able to access protected user data\nDescription: This issue was addressed with improved validation of\nsymlinks. \nCVE-2024-27872: Zhongquan Li (@Guluisacat) of Dawn Security Lab of\nJingDong\n\nSetup Assistant\nAvailable for: macOS Sonoma\nImpact: Enabling Lockdown Mode while setting up a Mac may cause\nFileVault to become unexpectedly disabled\nDescription: A logic issue was addressed with improved state management. \nCVE-2024-27862: Jiwon Park\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to use sensitive data with certain\nactions without prompting the user\nDescription: A logic issue was addressed with improved checks. \nCVE-2024-40833: an anonymous researcher\nCVE-2024-40835: an anonymous researcher\nCVE-2024-40836: an anonymous researcher\nCVE-2024-40807: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass sensitive Shortcuts app\nsettings\nDescription: This issue was addressed by adding an additional prompt for\nuser consent. \nCVE-2024-40834: Marcio Almeida from Tanto Security\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: A logic issue was addressed with improved checks. \nCVE-2024-40809: an anonymous researcher\nCVE-2024-40812: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: A shortcut may be able to bypass Internet permission\nrequirements\nDescription: This issue was addressed by adding an additional prompt for\nuser consent. \nCVE-2024-40787: an anonymous researcher\n\nShortcuts\nAvailable for: macOS Sonoma\nImpact: An app may be able to access user-sensitive data\nDescription: This issue was addressed by removing the vulnerable code. \nCVE-2024-40793: Kirin (@Pwnrin)\n\nSiri\nAvailable for: macOS Sonoma\nImpact: An attacker with physical access may be able to use Siri to\naccess sensitive user data\nDescription: This issue was addressed by restricting options offered on\na locked device. \nCVE-2024-40818: Bistrit Dahal and Srijan Poudel\n\nSiri\nAvailable for: macOS Sonoma\nImpact: An attacker with physical access to a device may be able to\naccess contacts from the lock screen\nDescription: This issue was addressed by restricting options offered on\na locked device. \nCVE-2024-40822: Srijan Poudel\n\nStorageKit\nAvailable for: macOS Sonoma\nImpact: A malicious app may be able to gain root privileges\nDescription: The issue was addressed with improved checks. \nCVE-2024-40828: Mickey Jin (@patch1t)\n\nsudo\nAvailable for: macOS Sonoma\nImpact: An app may be able to modify protected parts of the file system\nDescription: The issue was addressed with improved checks. \nCVE-2024-40811: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: A use-after-free issue was addressed with improved memory\nmanagement. \nWebKit Bugzilla: 273176\nCVE-2024-40776: Huang Xilin of Ant Group Light-Year Security Lab\nWebKit Bugzilla: 268770\nCVE-2024-40782: Maksymilian Motyl\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nWebKit Bugzilla: 275431\nCVE-2024-40779: Huang Xilin of Ant Group Light-Year Security Lab\nWebKit Bugzilla: 275273\nCVE-2024-40780: Huang Xilin of Ant Group Light-Year Security Lab\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to a cross\nsite scripting attack\nDescription: This issue was addressed with improved checks. \nWebKit Bugzilla: 273805\nCVE-2024-40785: Johan Carlsson (joaxcar)\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: An out-of-bounds access issue was addressed with improved\nbounds checking. \nCVE-2024-40789: Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with\nTrend Micro Zero Day Initiative\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Processing maliciously crafted web content may lead to an\nunexpected process crash\nDescription: This is a vulnerability in open source code and Apple\nSoftware is among the affected projects. The CVE-ID was assigned by a\nthird party. Learn more about the issue and CVE-ID at cve.org. \nWebKit Bugzilla: 274165\nCVE-2024-4558\n\nWebKit\nAvailable for: macOS Sonoma\nImpact: Private Browsing tabs may be accessed without authentication\nDescription: This issue was addressed through improved state management. \nWebKit Bugzilla: 275272\nCVE-2024-40794: Matthew Butler\n\nAdditional recognition\n\nAirDrop\nWe would like to acknowledge Linwz of DEVCORE for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Yann GASCUEL of Alter Solutions for their\nassistance. \n\nImage Capture\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nShortcuts\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nWebKit\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nmacOS Sonoma 14.6 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Releases\nweb site: https://support.apple.com/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmaoH5kACgkQX+5d1TXa\nIvoS9g/9FoLSV93tVrIOZIM4w/BEZRFu/T1DfMPzOsZsOrvaQicKq7ezW+pRrMXI\nG0QBIz1QGCYZikcbyQOpgzl9Rk7ckfq+mMCn1ESWku1DbR6MOU7lZEpWRsjYStQY\nra6BRT45GPtGG0YFyQXGnxMoS5IXopV5tmgQ4M4585xXso4/Dw192Vq/68NPIB2V\nywa6fCo6VC7/hHMe0v5GFVJzmSymEYF3b0CNHZVFx1K793hHrYjH1Dj4NcRlqyln\nKp3IrABhPPW8l67gS6f8RicZwzWOH3Ubwv4kivlTtDusqeX+/7mlXrvGTYd5G39P\n70jSwUeekfYkQYGT5yLjFCOTM98ApG4iHnryEkpNldMk9JRozoN3VT5PDv6b7EtR\nYsG1UiZNn0rq1TurFHdsX7G8LZX1jBe1XNy883FeuPlXuPQwGcds+Q5UpiGoM5Kj\nxx0SGiaK4Lg9tOsGDvHDvrtgl9vIGYy07953Gre+xUhdNs+AnG8KhwKs+n3WYjcL\nlH3ffMkq/NTVohaNaIcNk4YQ7Y5+y9Y0Z2YuYTmaOipxMNEpOnvJj6LB1H5Qgj4M\nLIuUxs1gl2b7B93J95w8FmdFewvUCgcZwTxU2ltsYAcZHnRwWE0twYP5v1Pc8tOG\nMZuvS0pTI+hgve1viS0inOnRpoYv+KzkaSYEhvsS16NgDuRUOqE=\n=eOPj\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38709"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
},
{
"db": "PACKETSTORM",
"id": "179274"
},
{
"db": "PACKETSTORM",
"id": "178035"
},
{
"db": "PACKETSTORM",
"id": "178131"
},
{
"db": "PACKETSTORM",
"id": "178096"
},
{
"db": "PACKETSTORM",
"id": "178298"
},
{
"db": "PACKETSTORM",
"id": "181748"
},
{
"db": "PACKETSTORM",
"id": "181747"
},
{
"db": "PACKETSTORM",
"id": "181910"
},
{
"db": "PACKETSTORM",
"id": "179789"
},
{
"db": "PACKETSTORM",
"id": "182614"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2023-38709",
"trust": 3.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2024/04/04/3",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/07/10/3",
"trust": 1.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2025/07/10/2",
"trust": 1.0
},
{
"db": "ICS CERT",
"id": "ICSA-24-319-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96191615",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91930855",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99032532",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029234",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "179274",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178035",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178131",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178096",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "178298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "181748",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "181747",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "181910",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "179789",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "182614",
"trust": 0.1
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179274"
},
{
"db": "PACKETSTORM",
"id": "178035"
},
{
"db": "PACKETSTORM",
"id": "178131"
},
{
"db": "PACKETSTORM",
"id": "178096"
},
{
"db": "PACKETSTORM",
"id": "178298"
},
{
"db": "PACKETSTORM",
"id": "181748"
},
{
"db": "PACKETSTORM",
"id": "181747"
},
{
"db": "PACKETSTORM",
"id": "181910"
},
{
"db": "PACKETSTORM",
"id": "179789"
},
{
"db": "PACKETSTORM",
"id": "182614"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
},
{
"db": "NVD",
"id": "CVE-2023-38709"
}
]
},
"id": "VAR-202404-0120",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2026-04-10T23:30:53.560000Z",
"patch": {
"_id": null,
"data": [
{
"title": "120911",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-1284",
"trust": 1.0
},
{
"problemtype": "Improper validation of quantity specified in input (CWE-1284) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
},
{
"db": "NVD",
"id": "CVE-2023-38709"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-38709"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2024/jul/18"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/3"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
},
{
"trust": 1.0,
"url": "https://support.apple.com/kb/ht214119"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/3"
},
{
"trust": 1.0,
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/i2n2nzex3mr64iwsgl3qgn7ksrugaemf/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lx5u34kygdyprh3aj6mddcbjdwdpxnvj/"
},
{
"trust": 1.0,
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wnv4szapvs43dzwnfu7xbyyozezmi4zc/"
},
{
"trust": 1.0,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99032532/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96191615/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91930855/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-04"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-27316"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-24795"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273491"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-6729-1"
},
{
"trust": 0.2,
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_6_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4197.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:4197"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.57-2ubuntu2.4"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6729-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-43622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-45802"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-31122"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-6729-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.1"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298648"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:6928"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6928.json"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295011"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6927.json"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:6927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-36387"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38474"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-39573"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-39884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38475"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202409-31"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-40898"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-40725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-27872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-2004"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht201222."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-52356"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-27863"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-2466"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-2379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-27871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-2398"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-27862"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht214119."
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273499"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2024:9306"
},
{
"trust": 0.1,
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/index"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-14668"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-6576"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-49856"
},
{
"trust": 0.1,
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9306.json"
},
{
"trust": 0.1,
"url": "https://issues.redhat.com/browse/rhel-6575"
}
],
"sources": [
{
"db": "PACKETSTORM",
"id": "179274"
},
{
"db": "PACKETSTORM",
"id": "178035"
},
{
"db": "PACKETSTORM",
"id": "178131"
},
{
"db": "PACKETSTORM",
"id": "178096"
},
{
"db": "PACKETSTORM",
"id": "178298"
},
{
"db": "PACKETSTORM",
"id": "181748"
},
{
"db": "PACKETSTORM",
"id": "181747"
},
{
"db": "PACKETSTORM",
"id": "181910"
},
{
"db": "PACKETSTORM",
"id": "179789"
},
{
"db": "PACKETSTORM",
"id": "182614"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
},
{
"db": "NVD",
"id": "CVE-2023-38709"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "PACKETSTORM",
"id": "179274",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178035",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178131",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178096",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "178298",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "181748",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "181747",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "181910",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "179789",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "182614",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2023-029234",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2023-38709",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2024-07-01T14:40:30",
"db": "PACKETSTORM",
"id": "179274",
"ident": null
},
{
"date": "2024-04-12T14:46:14",
"db": "PACKETSTORM",
"id": "178035",
"ident": null
},
{
"date": "2024-04-18T15:28:17",
"db": "PACKETSTORM",
"id": "178131",
"ident": null
},
{
"date": "2024-04-17T15:49:51",
"db": "PACKETSTORM",
"id": "178096",
"ident": null
},
{
"date": "2024-04-29T14:47:52",
"db": "PACKETSTORM",
"id": "178298",
"ident": null
},
{
"date": "2024-09-24T13:46:16",
"db": "PACKETSTORM",
"id": "181748",
"ident": null
},
{
"date": "2024-09-24T13:46:08",
"db": "PACKETSTORM",
"id": "181747",
"ident": null
},
{
"date": "2024-09-30T14:35:24",
"db": "PACKETSTORM",
"id": "181910",
"ident": null
},
{
"date": "2024-07-30T12:21:31",
"db": "PACKETSTORM",
"id": "179789",
"ident": null
},
{
"date": "2024-11-13T15:40:54",
"db": "PACKETSTORM",
"id": "182614",
"ident": null
},
{
"date": "2025-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-029234",
"ident": null
},
{
"date": "2024-04-04T20:15:08.047000",
"db": "NVD",
"id": "CVE-2023-38709",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2025-07-15T05:48:00",
"db": "JVNDB",
"id": "JVNDB-2023-029234",
"ident": null
},
{
"date": "2025-11-04T22:15:53.457000",
"db": "NVD",
"id": "CVE-2023-38709",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "178035"
},
{
"db": "PACKETSTORM",
"id": "178131"
},
{
"db": "PACKETSTORM",
"id": "178298"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache\u00a0Software\u00a0Foundation\u00a0 of \u00a0Apache\u00a0HTTP\u00a0Server\u00a0 Vulnerability related to improper validation of quantities specified in inputs in products from multiple vendors such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-029234"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "overflow, spoof, code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "179789"
}
],
"trust": 0.1
}
}
VAR-200709-0495
Vulnerability from variot - Updated: 2026-04-10 23:24Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. Web pages generated by the affected source code may be prone to a cross-site scripting issue. Versions prior to Apache 2.2.6 are affected. NOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)
It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)
It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847).
A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that to not correctly derive the response character set according to the rules in RGC 2616 (CVE-2007-4465).
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Updated Packages:
Mandriva Linux 2007.0: 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1: e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Corporate 3.0: 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 3.0/X86_64: 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 4.0: 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01756421 Version: 1
HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-06-29 Last Updated: 2009-06-25
Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code.
References: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier
BACKGROUND
=============================================== Reference Base Vector Base Score CVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x =============================================== CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 ===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server v3.05 HP-UX B.11.23 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT action: install revision B.2.2.8.04 or subsequent URL: http://software.hp.com
Web Server v2.25 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE .WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT action: install revision B.2.0.59.10 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 29 June 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]
Author: SecurityReason Maksymilian Arciemowicz (cXIb8O3)
Date: - - Written: 08.08.2007 - - Public: 11.09.2007
SecurityReason Research SecurityAlert Id: 46
CVE: CVE-2007-4465 SecurityRisk: Low
Affected Software: Apache 2.x (mod_autoindex) Advisory URL: http://securityreason.com/achievement_securityalert/46 Vendor: http://httpd.apache.org
- --- 0.Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---
The XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using "P" option available in apache 2.2.4 by setting Charset to UTF-7.
"P=pattern lists only files matching the given pattern"
More : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
- -Source code from mod_autoindex.c--------------
if APR_HAS_UNICODE_FS
ap_set_content_type(r, "text/html;charset=utf-8");
else
ap_set_content_type(r, "text/html");
endif
- -Source code from mod_autoindex.c--------------
if APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded.
- --- EXAMPLE 1 ---
telnet localhost 80
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'
GET /icons/ http/1.1 Host: localhost Content-type: text/html Keep-Alive: 300 Connection: keep-alive
HTTP/1.1 200 OK Date: Thu, 09 Aug 2007 01:01:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html
Index of /iconsIndex of /icons
... - --- EXAMPLE 1 --- - --- EXAMPLE 2 --- # telnet httpd.apache.org 80 Trying 140.211.11.130... Connected to httpd.apache.org. Escape character is '^]'. GET /icons/ http/1.1 Host: httpd.apache.org Content-type: text/html Keep-Alive: 300 Connection: keep-alive HTTP/1.1 200 OK Date: Wed, 08 Aug 2007 23:06:26 GMT Server: Apache/2.3.0-dev (Unix) Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html Index of /iconsIndex of /icons
... - --- EXAMPLE 2 --- Any request to folder /icons don't give charset in main header and in section. In requests like 400 404 etc charset is defined (standard UTF8). For example : - --- EXAMPLE 3 (400) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /%0 HTTP/1.1 Host: localhost HTTP/1.1 400 Bad Request Date: Thu, 09 Aug 2007 13:13:32 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 3 --- - --- EXAMPLE 4 (404) --- # telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET /noex HTTP/1.1 Host: localhost HTTP/1.1 404 Not Found Date: Thu, 09 Aug 2007 13:14:48 GMT Server: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 ... - --- EXAMPLE 4 --- Any request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can't put any text to this site with folder. And it was good idea, but in apache 2.x exist option "P". Like: http://localhost/icons/?P=[Filter] Any value gived to this variable is displayed in html text. For example : http://localhost/icons/?P=Hallo - --- HTML --------Show details on source websiteName - ----------------- - --- 2. Exploit --- SecurityReason is not going to release a exploit to the general public. Exploit was provided and tested for Apache Team . - --- 3. How to fix --- Update to Apache 2.2.6 http://www.apache.org/dist/httpd/CHANGES_2.2.6 - --- mod_autoindex: Add in Type and Charset options to IndexOptions directive. This allows the admin to explicitly set the content-type and charset of the generated page and is therefore a viable workaround for buggy browsers affected by CVE-2007-4465 (cve.mitre.org). [Jim Jagielski] - --- - --- 4. Greets --- For: sp3x, Infospec, p_e_a - --- 5. Contact --- Author: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ] Email: cxib [at] securityreason [dot] com GPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg http://securityreason.com http://securityreason.pl -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (OpenBSD) iD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo MGWmxpeZzSTbVKnHIP5M+2o= =BrVf -----END PGP SIGNATURE-----
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "fedora core7",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.56"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.2"
},
{
"_id": null,
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "appliance server hosting edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "novell linux desktop sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"_id": null,
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.7"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "application stack for enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v14"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "appliance server workgroup edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "2.0.61-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "application stack for enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v14"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "fedora core6",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "a9",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "2.0.60-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
}
],
"sources": [
{
"db": "BID",
"id": "25653"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
},
{
"db": "NVD",
"id": "CVE-2007-4465"
}
]
},
"credits": {
"_id": null,
"data": "Maksymilian Arciemowicz is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
}
],
"trust": 0.6
},
"cve": "CVE-2007-4465",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-4465",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2007-4465",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4465",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2007-4465",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200709-166",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-4465",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-4465"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
},
{
"db": "NVD",
"id": "CVE-2007-4465"
},
{
"db": "NVD",
"id": "CVE-2007-4465"
}
]
},
"description": {
"_id": null,
"data": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. Apache is affected by a vulnerability that may cause certain web pages to be prone to a cross-site scripting attack. This issue stems from a lack of a defined charset on certain generated pages. \nWeb pages generated by the affected source code may be prone to a cross-site scripting issue. \nVersions prior to Apache 2.2.6 are affected. \nNOTE: Reports indicate that this issue does not occur when the application is running on Windows operating systems. =========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. \n(CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a\nthreaded MPM, Apache did not properly sanitize its input. A remote\nattacker could send Apache crafted date headers and cause a denial of\nservice via application crash. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847). \n \n A flaw in the Apache mod_autoindex module was found. On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465). \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm\n 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm\n 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm\n 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm\n 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm\n 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm\n c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm\n b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm\n a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm\n 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm\n c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm\n bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm\n 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm\n fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm\n 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm\n ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm\n 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm\n 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm\n bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm\n 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm\n 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm\n f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm\n f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm\n 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm\n 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm\n 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm\n d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm\n fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm\n f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm\n b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm\n 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm\n bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm\n 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm\n 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm\n 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm\n 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm\n d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm\n 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm\n d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm\n f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm\n 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm\n 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm\n f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm\n 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm\n 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm\n 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm\n e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm\n 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm\n 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm\n 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm\n c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm\n b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm\n fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm\n 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm\n 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Corporate 3.0:\n 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm\n e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm\n 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm\n c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm\n 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm\n 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm\n 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm\n 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm\n 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm\n 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm\n 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm\n 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm\n f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm\n 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm\n c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm\n f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm\n b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm\n e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm\n 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm\n 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm\n 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm\n c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm\n 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm\n 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm\n 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm\n 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm\n 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 4.0:\n 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm\n 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm\n 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm\n eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm\n 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm\n 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm\n d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm\n 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm\n 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm\n d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm\n 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm\n 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm\n 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm\n 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm\n ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm\n f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm\n 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm\n c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm\n 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm\n 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm\n 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm\n 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm\n 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm\n fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm\n 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm\n 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm\n 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm\n 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm\n 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm\n efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm\n 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm \n 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01756421\nVersion: 1\n\nHPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-06-29\nLast Updated: 2009-06-25\n\nPotential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. \n\nReferences: CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.03 or v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.0.59.09 or earlier or Tomcat-based Servelet Engine v5.5.27.01 or earlier \n\nBACKGROUND\n\n===============================================\nReference Base Vector Base Score \nCVE-nnnn-nnnn (AV:x/AC:x/Au:x/C:x/I:x/A:x) x.x\n===============================================\nCVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 \nCVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 \nCVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 \nCVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 \nCVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 \nCVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 \nCVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 \nCVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \nCVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 \n===============================================\n\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nFor Web Server v3.05 \nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \naction: install revision B.2.2.8.04 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \naction: install revision B.2.2.8.04 or subsequent \nURL: http://software.hp.com \n\nWeb Server v2.25 \nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE .WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \naction: install revision B.2.0.59.10 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 29 June 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW \nMA = HP Management Agents \nMI = Misc. 3rd Party SW \nMP = HP MPE/iX \nNS = HP NonStop Servers \nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging \nST = HP Storage SW \nTL = HP Trusted Linux \nTU = HP Tru64 UNIX \nUX = HP-UX \nVV = HP VirtualVault \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[Apache2 Undefined Charset UTF-7 XSS Vulnerability ]\n\nAuthor: SecurityReason\nMaksymilian Arciemowicz (cXIb8O3)\n\nDate:\n- - Written: 08.08.2007\n- - Public: 11.09.2007\n\nSecurityReason Research\nSecurityAlert Id: 46\n\nCVE: CVE-2007-4465\nSecurityRisk: Low \n\nAffected Software: Apache 2.x (mod_autoindex)\nAdvisory URL: http://securityreason.com/achievement_securityalert/46\nVendor: http://httpd.apache.org\n\n- --- 0.Description ---\n\nThe Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. \n\nApache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined. \n\n- --- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---\n\nThe XSS(UTF7) exist in mod_autoindex.c . Charset is not defined and we can provide XSS attack using \"P\" option available in apache 2.2.4 by setting Charset to UTF-7. \n\n\"P=pattern lists only files matching the given pattern\"\n\nMore : http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html\n\n- -Source code from mod_autoindex.c--------------\n#if APR_HAS_UNICODE_FS\nap_set_content_type(r, \"text/html;charset=utf-8\");\n#else\nap_set_content_type(r, \"text/html\");\n#endif\n- -Source code from mod_autoindex.c--------------\n\n\nif APR_HAS_UNICODE_FS is set to 1 then we have defined charset and this is present on Windows systems . But on on unix , linux systems the charset is not definded. \n\n- --- EXAMPLE 1 ---\n# telnet localhost 80\nTrying 127.0.0.1... \nConnected to localhost. \nEscape character is \u0027^]\u0027\n\nGET /icons/ http/1.1\nHost: localhost\nContent-type: text/html\nKeep-Alive: 300\nConnection: keep-alive\n\n\nHTTP/1.1 200 OK\nDate: Thu, 09 Aug 2007 01:01:48 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nKeep-Alive: timeout=15, max=100\nConnection: Keep-Alive\nTransfer-Encoding: chunked\nContent-Type: text/html\n\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003cHTML\u003e\n\u003cHEAD\u003e\n\u003cTITLE\u003eIndex of /icons\u003c/TITLE\u003e\n\u003c/HEAD\u003e\n\u003cBODY\u003e\n\u003cH1\u003eIndex of /icons\u003c/H1\u003e\n... \n- --- EXAMPLE 1 ---\n\n- --- EXAMPLE 2 ---\n# telnet httpd.apache.org 80\nTrying 140.211.11.130... \nConnected to httpd.apache.org. \nEscape character is \u0027^]\u0027. \n\nGET /icons/ http/1.1\nHost: httpd.apache.org\nContent-type: text/html\nKeep-Alive: 300\nConnection: keep-alive\n\n\nHTTP/1.1 200 OK\nDate: Wed, 08 Aug 2007 23:06:26 GMT\nServer: Apache/2.3.0-dev (Unix)\nVary: Accept-Encoding\nKeep-Alive: timeout=5, max=100\nConnection: Keep-Alive\nTransfer-Encoding: chunked\nContent-Type: text/html\n\n\n\u003c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\"\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eIndex of /icons\u003c/title\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003ch1\u003eIndex of /icons\u003c/h1\u003e\n... \n- --- EXAMPLE 2 ---\n\nAny request to folder /icons don\u0027t give charset in main header and in \u003chead\u003e\u003c/head\u003e section. In requests like 400 404 etc charset is defined (standard UTF8). \n\nFor example :\n\n- --- EXAMPLE 3 (400) ---\n# telnet 127.0.0.1 80\nTrying 127.0.0.1... \nConnected to 127.0.0.1. \nEscape character is \u0027^]\u0027. \nGET /%0 HTTP/1.1\nHost: localhost\n\nHTTP/1.1 400 Bad Request\nDate: Thu, 09 Aug 2007 13:13:32 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nConnection: close\nTransfer-Encoding: chunked\nContent-Type: text/html; charset=iso-8859-1\n... \n- --- EXAMPLE 3 ---\n\n- --- EXAMPLE 4 (404) ---\n# telnet 127.0.0.1 80\nTrying 127.0.0.1... \nConnected to 127.0.0.1. \nEscape character is \u0027^]\u0027. \nGET /noex HTTP/1.1\nHost: localhost\n\nHTTP/1.1 404 Not Found\nDate: Thu, 09 Aug 2007 13:14:48 GMT\nServer: Apache/1.3.29 (Unix) PHP/5.1.6 with Suhosin-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j\nTransfer-Encoding: chunked\nContent-Type: text/html; charset=iso-8859-1\n... \n- --- EXAMPLE 4 ---\n\nAny request from family 4xx is defined with charset. Because it is possible put the text to site (like wrong patch) in 404. Main idea was that, anybody can\u0027t put any text to this site with folder. And it was good idea, but in apache 2.x exist option \"P\". \nLike:\n\nhttp://localhost/icons/?P=[Filter]\n\nAny value gived to this variable is displayed in html text. For example :\n\nhttp://localhost/icons/?P=Hallo\n\n- --- HTML --------\n\u003cpre\u003e\u003cimg src=\"/icons/blank.gif\" alt=\"Icon \"\u003e \u003ca href=\"?C=N;O=D;P=Hallo\"\u003eName\u003c/a\u003e\n- -----------------\n\n- --- 2. Exploit ---\n\nSecurityReason is not going to release a exploit to the general public. \nExploit was provided and tested for Apache Team . \n\n- --- 3. How to fix ---\n\nUpdate to Apache 2.2.6\n\nhttp://www.apache.org/dist/httpd/CHANGES_2.2.6\n\n- ---\nmod_autoindex: Add in Type and Charset options to IndexOptions\ndirective. This allows the admin to explicitly set the \ncontent-type and charset of the generated page and is therefore\na viable workaround for buggy browsers affected by CVE-2007-4465\n(cve.mitre.org). [Jim Jagielski]\n- ---\n\n- --- 4. Greets ---\n\nFor: sp3x, Infospec, p_e_a\n\n- --- 5. Contact ---\n\nAuthor: SecurityReason [ Maksymilian Arciemowicz ( cXIb8O3 ) ]\nEmail: cxib [at] securityreason [dot] com\nGPG: http://securityreason.pl/key/Arciemowicz.Maksymilian.gpg\nhttp://securityreason.com\nhttp://securityreason.pl\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.6 (OpenBSD)\n\niD8DBQFG6F0A3Ke13X/fTO4RAg49AJ9ZYTCR02BWOxInIA0qybXBagnu4wCdFvlo\nMGWmxpeZzSTbVKnHIP5M+2o=\n=BrVf\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4465"
},
{
"db": "BID",
"id": "25653"
},
{
"db": "VULMON",
"id": "CVE-2007-4465"
},
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "PACKETSTORM",
"id": "78873"
},
{
"db": "PACKETSTORM",
"id": "59301"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "82164"
}
],
"trust": 1.89
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-4465",
"trust": 2.7
},
{
"db": "BID",
"id": "25653",
"trust": 2.0
},
{
"db": "USCERT",
"id": "TA08-150A",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33105",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28749",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35650",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28607",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27732",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31651",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26952",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30430",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28471",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26842",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27563",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28467",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1697",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3113",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1019194",
"trust": 1.7
},
{
"db": "HP",
"id": "SSRT080118",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT090192",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT090085",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2007:061",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-05-28",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDVSA-2008:014",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0005",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0004",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0008",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0006",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2007:0911",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2008:0261",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-200711-06",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2007-2214",
"trust": 0.6
},
{
"db": "FEDORA",
"id": "FEDORA-2007-707",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-575-1",
"trust": 0.6
},
{
"db": "SREASONRES",
"id": "20070912 APACHE2 UNDEFINED CHARSET UTF-7 XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "7",
"trust": 0.6
},
{
"db": "XF",
"id": "36586",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070912 APACHE2 UNDEFINED CHARSET UTF-7 XSS VULNERABILITY",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:6089",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA08-150A",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2007-4465",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61459",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "78873",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59301",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69466",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82164",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-4465"
},
{
"db": "BID",
"id": "25653"
},
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "PACKETSTORM",
"id": "78873"
},
{
"db": "PACKETSTORM",
"id": "59301"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
},
{
"db": "NVD",
"id": "CVE-2007-4465"
}
]
},
"id": "VAR-200709-0495",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-04-10T23:24:05.770000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Debian CVElist Bug Report Logs: apache2: CVE-2007-4465",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8a7503dd359ab44b424a9918eb8a6f66"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-4465"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4465"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432"
},
{
"trust": 2.3,
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"trust": 2.3,
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"trust": 2.1,
"url": "http://www.apache.org/dist/httpd/changes_2.2.6"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-032.htm"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"trust": 1.8,
"url": "http://securityreason.com/achievement_securityalert/46"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/25653"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3113"
},
{
"trust": 1.7,
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00353.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0911.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26842"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26952"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27563"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27732"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:014"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0004.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0006.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0008.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1019194"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28467"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28471"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28607"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28749"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30430"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31651"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33105"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35650"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6089"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10929"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/479237/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:6089"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/36586"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1697"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "/archive/1/479237"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-031.htm"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0911.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0004.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0008.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.3,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.3,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665"
},
{
"trust": 0.2,
"url": "http://software.hp.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453783"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/575-1/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5625"
},
{
"trust": 0.1,
"url": "http://securityreason.pl/key/arciemowicz.maksymilian.gpg"
},
{
"trust": 0.1,
"url": "http://localhost/icons/?p=hallo"
},
{
"trust": 0.1,
"url": "http://localhost/icons/?p=[filter]"
},
{
"trust": 0.1,
"url": "http://securityreason.com"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org"
},
{
"trust": 0.1,
"url": "http://securityreason.pl"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-4465"
},
{
"db": "BID",
"id": "25653"
},
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "PACKETSTORM",
"id": "78873"
},
{
"db": "PACKETSTORM",
"id": "59301"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
},
{
"db": "NVD",
"id": "CVE-2007-4465"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2007-4465",
"ident": null
},
{
"db": "BID",
"id": "25653",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "63262",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "60759",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "61459",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "78873",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "59301",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "69466",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82164",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-4465",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-09-14T00:00:00",
"db": "VULMON",
"id": "CVE-2007-4465",
"ident": null
},
{
"date": "2007-09-12T00:00:00",
"db": "BID",
"id": "25653",
"ident": null
},
{
"date": "2008-02-05T00:41:56",
"db": "PACKETSTORM",
"id": "63262",
"ident": null
},
{
"date": "2007-11-07T20:27:55",
"db": "PACKETSTORM",
"id": "60759",
"ident": null
},
{
"date": "2007-12-04T05:30:30",
"db": "PACKETSTORM",
"id": "61459",
"ident": null
},
{
"date": "2009-07-02T18:53:57",
"db": "PACKETSTORM",
"id": "78873",
"ident": null
},
{
"date": "2007-09-13T23:41:20",
"db": "PACKETSTORM",
"id": "59301",
"ident": null
},
{
"date": "2008-08-29T05:14:23",
"db": "PACKETSTORM",
"id": "69466",
"ident": null
},
{
"date": "2009-10-23T18:14:28",
"db": "PACKETSTORM",
"id": "82164",
"ident": null
},
{
"date": "2007-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-166",
"ident": null
},
{
"date": "2007-09-14T00:17:00",
"db": "NVD",
"id": "CVE-2007-4465",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2007-4465",
"ident": null
},
{
"date": "2010-08-05T21:45:00",
"db": "BID",
"id": "25653",
"ident": null
},
{
"date": "2009-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-166",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4465",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache Mod_AutoIndex.C Undefined character cross-site scripting vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "59301"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-166"
}
],
"trust": 1.1
}
}
VAR-200909-0801
Vulnerability from variot - Updated: 2026-04-10 23:16The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The Apache 'mod_proxy_ftp' module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. (CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 142730 d43356422176ca29440f3e0572678093
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 778564 ffd7752394933004094c13b00113b263
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 926240 8282583e86e84bd256959540f39a515d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 90316 add7f446f6b524343c0066a486dd299a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
. Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for Corporate products.
This update provides a solution to these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Updated Packages:
Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1934-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch November 16, 2009 http://www.debian.org/security/faq
Package : apache2 Vulnerability : multiple issues Problem type : remote Debian-specific: no CVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability.
As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use.
NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate):
-
- The "SSLVerifyClient" directive is used in a Directory or Location context.
-
- The "SSLCipherSuite" directive is used in a Directory or Location context.
As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level.
A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue.
CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server.
For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release (Debian 5.0.4).
The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages.
Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available.
We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874
Debian GNU/Linux 5.0 alias lenny (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e
These files will probably be moved into the stable distribution on its next update. Patch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt . The patch kits and installation instructions are available from the following location using ftp:
Host Account Password
ftp.usa.hp.com ewt01 Welcome1
CSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms.
Itanium Images mod_proxy.exe_ia64 mod_proxy_ftp.exe_ia64
Alpha Images mod_proxy.exe_axp mod_proxy_ftp.exe_axp
The patch images will be provided in the next regularly scheduled update of CSWS 2.1-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02160663 Version: 1
HPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-06-02 Last Updated: 2010-06-02
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
References: CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
Note: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30; CVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:
URL http://software.hp.com
Note: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09 Note: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15
Web Server Suite Version / HP-UX Release / Depot name
Web Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot
Web Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot
Web Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot
Web Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot
Web Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot
Web Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot
Web Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server Suite before v3.09 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.09 or subsequent
HP-UX B.11.31
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.09 or subsequent
For Web Server Suite before v2.30 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY action: install revision B.2.0.59.15 or subsequent
HP-UX B.11.31
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.15 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkwG2+IACgkQ4B86/C0qfVm3LACfZ2twc1MNibwpLscDC7giyJJv nksAnR0xfycsdI9Z5RyDC/o+Dnt4Q100 =/Gfl -----END PGP SIGNATURE----- .
BAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.x"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"_id": null,
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"_id": null,
"model": "turbolinux fuji",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "hp-ux apache-based web server",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "v.2.2.15.03"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.4.z (server)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.3"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"_id": null,
"model": "hat jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "51.0"
},
{
"_id": null,
"model": "hat jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "41.0"
},
{
"_id": null,
"model": "hat jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "41.0"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.03"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.8"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.35"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.33"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.27"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.23"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.19"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.12"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "compaq secure web server for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.06"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.05"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.01"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.55"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "software foundation mod proxy ftp",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "software foundation apache 2.2.7-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "software foundation apache 2.2.6-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "software foundation apache 2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.9"
},
{
"_id": null,
"model": "business availability center",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "8.07"
},
{
"_id": null,
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
}
],
"sources": [
{
"db": "BID",
"id": "36260"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
},
{
"db": "NVD",
"id": "CVE-2009-3094"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hp:apache-based_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
}
]
},
"credits": {
"_id": null,
"data": "Evgeny Legerov",
"sources": [
{
"db": "BID",
"id": "36260"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3094",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2009-3094",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 5.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-3094",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3094",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2009-3094",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-107",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2009-3094",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3094"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
},
{
"db": "NVD",
"id": "CVE-2009-3094"
}
]
},
"description": {
"_id": null,
"data": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. The Apache \u0027mod_proxy_ftp\u0027 module is prone to a denial-of-service vulnerability because of a NULL-pointer dereference. \nSuccessful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. ===========================================================\nUbuntu Security Notice USN-860-1 November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n apache2.2-common 2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n apache2.2-common 2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n apache2.2-common 2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. If an attacker could perform a man in the middle attack at the\nstart of a TLS connection, the attacker could inject arbitrary content at\nthe beginning of the user\u0027s session. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. \n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 834492 818915da9848657833480b1ead6b4a12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 224594 85a4480344a072868758c466f6a98747\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229128 446b52088b9744fb776e53155403a474\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 142730 d43356422176ca29440f3e0572678093\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 269070 bf585dec777b0306cd80663c11b020df\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 141660 958585d6391847cd5a618464054f7d37\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 206386 06402188459de8dab5279b5bfef768fa\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 233152 1165607c64c57c84212b6b106254e885\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 143838 28e9c3811feeac70b846279e82c23430\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 209550 496d387e315370c0cd83489db663a356\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 778564 ffd7752394933004094c13b00113b263\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 208528 6672fb116e108687669c89197732fbb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 261510 d3e1155682726cc28859156e647d97b3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 84558 68452b686e89320007e9c5367ce36345\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 926240 8282583e86e84bd256959540f39a515d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 241280 1eea25472875056e34cd2c3283c60171\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246024 5709e7421814ecfb83fff5804d429971\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 258414 8ef063026de9790bac1965427ce1b584\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 213294 09701d434bd102e4205e551b4525afd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 87818 670c62615e107920c45893b3377ab2a0\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 244914 955bb5121da808d44aa994386d90723f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 214286 a378e2e0418631cec0f398379a446172\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2336 009d381342b0be5280835a46c91f01d9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2314 17719223d92d46821098ce178b5947d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 155166 4347806710edff47fc051b4a68d5b448\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 90316 add7f446f6b524343c0066a486dd299a\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1934-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nNovember 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : multiple issues\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555\n\n\nA design flaw has been found in the TLS and SSL protocol that allows\nan attacker to inject arbitrary content at the beginning of a TLS/SSL\nconnection. The attack is related to the way how TLS and SSL handle\nsession renegotiations. CVE-2009-3555 has been assigned to this\nvulnerability. \n\nAs a partial mitigation against this attack, this apache2 update\ndisables client-initiated renegotiations. This should fix the\nvulnerability for the majority of Apache configurations in use. \n\nNOTE: This is not a complete fix for the problem. The attack is\nstill possible in configurations where the server initiates the\nrenegotiation. This is the case for the following configurations\n(the information in the changelog of the updated packages is\nslightly inaccurate):\n\n- - The \"SSLVerifyClient\" directive is used in a Directory or Location\n context. \n- - The \"SSLCipherSuite\" directive is used in a Directory or Location\n context. \n\nAs a workaround, you may rearrange your configuration in a way that\nSSLVerifyClient and SSLCipherSuite are only used on the server or\nvirtual host level. \n\nA complete fix for the problem will require a protocol change. Further\ninformation will be included in a separate announcement about this\nissue. \n\nCVE-2009-3095: Insufficient input validation in the mod_proxy_ftp\nmodule allowed remote authenticated attackers to bypass intended access\nrestrictions and send arbitrary FTP commands to an FTP server. \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny6. This version also includes some non-security\nbug fixes that were scheduled for inclusion in the next stable point\nrelease (Debian 5.0.4). \n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch11. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.14-2. \n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages. \n\nUpdated apache2-mpm-itk packages for the armel architecture are not\nincluded yet. They will be released as soon as they become available. \n\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch (oldstable)\n- -------------------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc\n Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz\n Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb\n Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb\n Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb\n Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb\n Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb\n Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb\n Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb\n Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb\n Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb\n Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb\n Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb\n Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874\n\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc\n Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz\n Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb\n Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb\n Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb\n Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb\n Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb\n Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb\n Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb\n Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb\n Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb\n Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb\n Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb\n Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e\n\n\n These files will probably be moved into the stable distribution on\n its next update. \nPatch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt . \nThe patch kits and installation instructions are available from the following location using ftp:\n\n Host Account Password\n ftp.usa.hp.com ewt01 Welcome1\n\nCSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms. \n\nItanium Images\n mod_proxy.exe_ia64\n mod_proxy_ftp.exe_ia64\n\nAlpha Images\n mod_proxy.exe_axp\n mod_proxy_ftp.exe_axp\n\nThe patch images will be provided in the next regularly scheduled update of CSWS 2.1-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02160663\nVersion: 1\n\nHPSBUX02531 SSRT100108 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-06-02\nLast Updated: 2010-06-02\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. \n\nReferences: CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.09\nHP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.15\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4\nCVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2010-0408 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-0740 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2010-0433 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2010-0434 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nNote: CVE-2009-3094, CVE-2009-3095 and 2010-0740 affect only HP-UX Web Server Suite v2.30;\nCVE-2010-0408, CVE-2010-0433 and CVE-2010-0434 affect only HP-UX Web Server Suite v3.09. \n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.09 contains HP-UX Apache-based Web Server v2.2.8.09\nNote: HP-UX Web Server Suite v2.30 contains HP-UX Apache-based Web Server v2.0.59.15\n\nWeb Server Suite Version / HP-UX Release / Depot name\n\nWeb Server v3.09 / B.11.23 and B.11.31 PA-32 / HPUXWS22ATW-B309-32.depot\n\nWeb Server v3.09 / B.11.23 and B.11.31 IA-64 / HPUXWS22ATW-B309-64.depot\n\nWeb Server v2.30 / B.11.11 PA-32 / HPUXWSATW-B230-1111.depot\n\nWeb Server v2.30 / B.11.23 PA-32 / HPUXWSATW-B230-32.depot\n\nWeb Server v2.30 / B.11.23 IA-64 / HPUXWSATW-B230-64.depot\n\nWeb Server v2.30 / B.11.31 IA-32 / HPUXWSATW-B230-32-1131.depot\n\nWeb Server v2.30 / B.11.31 IA-64 / HPUXWSATW-B230-64-1131.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.30 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.09 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Web Server Suite before v3.09\nHP-UX B.11.23\n==================\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\naction: install revision B.2.2.8.09 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.8.09 or subsequent\n\nFor Web Server Suite before v2.30\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nHP-UX B.11.23\n==================\nhpuxwsAPCH32.APACHE\nhpuxwsAPCH32.APACHE2\nhpuxwsAPCH32.AUTH_LDAP\nhpuxwsAPCH32.AUTH_LDAP2\nhpuxwsAPCH32.MOD_JK\nhpuxwsAPCH32.MOD_JK2\nhpuxwsAPCH32.MOD_PERL\nhpuxwsAPCH32.MOD_PERL2\nhpuxwsAPCH32.PHP\nhpuxwsAPCH32.PHP2\nhpuxwsAPCH32.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.15 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 2 June 2010 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkwG2+IACgkQ4B86/C0qfVm3LACfZ2twc1MNibwpLscDC7giyJJv\nnksAnR0xfycsdI9Z5RyDC/o+Dnt4Q100\n=/Gfl\n-----END PGP SIGNATURE-----\n. \n\nBAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3094"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
},
{
"db": "BID",
"id": "36260"
},
{
"db": "VULMON",
"id": "CVE-2009-3094"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "90263"
},
{
"db": "PACKETSTORM",
"id": "111587"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-3094",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "36549",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "37152",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0609",
"trust": 1.7
},
{
"db": "BID",
"id": "36260",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2009-2550",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2009-3094",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82647",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81540",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "87839",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90263",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111587",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3094"
},
{
"db": "BID",
"id": "36260"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "90263"
},
{
"db": "PACKETSTORM",
"id": "111587"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
},
{
"db": "NVD",
"id": "CVE-2009-3094"
}
]
},
"id": "VAR-200909-0801",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.17203079500000001
},
"last_update_date": "2026-04-10T23:16:40.099000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 2.0.64",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
},
{
"title": "Fixed in Apache httpd 2.2.14",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"title": "httpd-2.2.3-31.2.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=774"
},
{
"title": "HPUXWSATW313",
"trust": 0.8,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313"
},
{
"title": "HPSBUX02531",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02160663"
},
{
"title": "PM10658",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
},
{
"title": "7014463",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7009"
},
{
"title": "7007033",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
},
{
"title": "7006876",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239"
},
{
"title": "7007951",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
},
{
"title": "PK96858",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858\u0026loc=en_US"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
},
{
"title": "1819",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1819"
},
{
"title": "1820",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1820"
},
{
"title": "RHSA-2009:1579",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1579.html"
},
{
"title": "RHSA-2009:1580",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1580.html"
},
{
"title": "multiple_vulnerabilities_in_the_apache",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_the_apache"
},
{
"title": "TLSA-2009-30",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt"
},
{
"title": "RHSA-2009:1579",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1579J.html"
},
{
"title": "RHSA-2009:1580",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1580J.html"
},
{
"title": "interstage_as_201007",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201007.html"
},
{
"title": "Red Hat: Moderate: httpd and httpd22 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100011 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a36c9e7334a243cf3d9e15331467e21c"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-860-1"
},
{
"title": "Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a134c3483f034e2df5ced5ad7428ec"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2009-3094 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3094"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
},
{
"db": "NVD",
"id": "CVE-2009-3094"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/36549"
},
{
"trust": 2.0,
"url": "http://www.intevydis.com/blog/?p=59"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96858"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm09161"
},
{
"trust": 1.7,
"url": "http://intevydis.com/vd-list.shtml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37152"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0609"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=126998684522511\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=133355494609819\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8087"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10981"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3094"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/36260"
},
{
"trust": 0.8,
"url": "http://www.vupen.com/english/advisories/2009/2550"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs."
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.14"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://intevydis.com/company.shtml"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100074555"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03236227"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02002308"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201007e.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2009-3094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2010:0011"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/860-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=18978"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1191"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3094"
},
{
"db": "BID",
"id": "36260"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "90263"
},
{
"db": "PACKETSTORM",
"id": "111587"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
},
{
"db": "NVD",
"id": "CVE-2009-3094"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2009-3094",
"ident": null
},
{
"db": "BID",
"id": "36260",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82799",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83521",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82647",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "81540",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "87839",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "90263",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111587",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002187",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-3094",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2009-3094",
"ident": null
},
{
"date": "2009-09-03T00:00:00",
"db": "BID",
"id": "36260",
"ident": null
},
{
"date": "2009-11-19T18:46:00",
"db": "PACKETSTORM",
"id": "82799",
"ident": null
},
{
"date": "2009-12-07T21:57:59",
"db": "PACKETSTORM",
"id": "83521",
"ident": null
},
{
"date": "2009-11-16T23:36:55",
"db": "PACKETSTORM",
"id": "82647",
"ident": null
},
{
"date": "2009-09-22T21:58:35",
"db": "PACKETSTORM",
"id": "81540",
"ident": null
},
{
"date": "2010-03-31T15:49:00",
"db": "PACKETSTORM",
"id": "87839",
"ident": null
},
{
"date": "2010-06-04T04:25:14",
"db": "PACKETSTORM",
"id": "90263",
"ident": null
},
{
"date": "2012-04-05T00:55:15",
"db": "PACKETSTORM",
"id": "111587",
"ident": null
},
{
"date": "2009-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-107",
"ident": null
},
{
"date": "2009-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002187",
"ident": null
},
{
"date": "2009-09-08T18:30:00.657000",
"db": "NVD",
"id": "CVE-2009-3094",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2009-3094",
"ident": null
},
{
"date": "2015-04-13T21:44:00",
"db": "BID",
"id": "36260",
"ident": null
},
{
"date": "2022-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-107",
"ident": null
},
{
"date": "2010-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002187",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3094",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache HTTP Server of ap_proxy_ftp_handler Service disruption in functions (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002187"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-107"
}
],
"trust": 0.6
}
}
VAR-202203-0034
Vulnerability from variot - Updated: 2026-04-10 23:16A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.
apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE-----
. Summary:
An update for httpd24-httpd is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Security Fix(es):
-
httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
-
httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
-
httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
-
httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
-
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
-
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
-
httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
-
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
-
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
-
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
-
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
-
httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm
noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm
x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm
noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm
x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. 9) - aarch64, noarch, ppc64le, s390x, x86_64
The following packages have been upgraded to a later upstream version: httpd (2.4.53).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section. Needs documentation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-5333-2 March 17, 2022
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719)
James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720)
It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)
Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. (CVE-2022-23943)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm5 apache2-bin 2.4.18-2ubuntu3.17+esm5
Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm4 apache2-bin 2.4.7-1ubuntu4.22+esm4
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.52"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22719"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169845"
},
{
"db": "PACKETSTORM",
"id": "169770"
}
],
"trust": 0.3
},
"cve": "CVE-2022-22719",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22719",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-411395",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22719",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22719",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1274",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-411395",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411395"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
},
{
"db": "NVD",
"id": "CVE-2022-22719"
}
]
},
"description": {
"_id": null,
"data": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for httpd24-httpd is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody\n(CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited\nLimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()\n2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2022-22719\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-29404\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-30556\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/6975397\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 9) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nhttpd (2.4.53). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 9.1 Release Notes linked from the References section. Needs documentation. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. =========================================================================\nUbuntu Security Notice USN-5333-2\nMarch 17, 2022\n\napache2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chamal De Silva discovered that the Apache HTTP Server mod_lua module\n incorrectly handled certain crafted request bodies. A remote attacker could\n possibly use this issue to cause the server to crash, resulting in a denial\n of service. (CVE-2022-22719)\n\n James Kettle discovered that the Apache HTTP Server incorrectly closed\n inbound connection when certain errors are encountered. A remote attacker\n could possibly use this issue to perform an HTTP Request Smuggling attack. \n (CVE-2022-22720)\n\n It was discovered that the Apache HTTP Server incorrectly handled large\n LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)\n\n Ronald Crane discovered that the Apache HTTP Server mod_sed module\n incorrectly handled memory. (CVE-2022-23943)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm5\n apache2-bin 2.4.18-2ubuntu3.17+esm5\n\nUbuntu 14.04 ESM:\n apache2 2.4.7-1ubuntu4.22+esm4\n apache2-bin 2.4.7-1ubuntu4.22+esm4\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22719"
},
{
"db": "VULHUB",
"id": "VHN-411395"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169845"
},
{
"db": "PACKETSTORM",
"id": "169770"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
}
],
"trust": 1.71
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411395",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411395"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-22719",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/03/14/4",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "166355",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166365",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169770",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169845",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022050324",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031504",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031727",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032127",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1158",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1234",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1078",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1274",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-41639",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411395",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411395"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169845"
},
{
"db": "PACKETSTORM",
"id": "169770"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
},
{
"db": "NVD",
"id": "CVE-2022-22719"
}
]
},
"id": "VAR-202203-0034",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411395"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:16:31.216000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Apache HTTP Server Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186369"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-665",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411395"
},
{
"db": "NVD",
"id": "CVE-2022-22719"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/4"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1158"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1234"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22719/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1078"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031727"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169770/red-hat-security-advisory-2022-7647-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169845/red-hat-security-advisory-2022-8067-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031416"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031504"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050324"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-out-of-bounds-memory-reading-via-mod-lua-37792"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032127"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5333-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7647"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5333-2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411395"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169845"
},
{
"db": "PACKETSTORM",
"id": "169770"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
},
{
"db": "NVD",
"id": "CVE-2022-22719"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-411395",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167188",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167189",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168565",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169845",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169770",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166355",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166365",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1274",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-22719",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-411395",
"ident": null
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188",
"ident": null
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189",
"ident": null
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565",
"ident": null
},
{
"date": "2022-11-15T16:40:34",
"db": "PACKETSTORM",
"id": "169845",
"ident": null
},
{
"date": "2022-11-08T13:48:57",
"db": "PACKETSTORM",
"id": "169770",
"ident": null
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"date": "2022-03-17T15:54:28",
"db": "PACKETSTORM",
"id": "166355",
"ident": null
},
{
"date": "2022-03-18T15:34:37",
"db": "PACKETSTORM",
"id": "166365",
"ident": null
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1274",
"ident": null
},
{
"date": "2022-03-14T11:15:09.023000",
"db": "NVD",
"id": "CVE-2022-22719",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-411395",
"ident": null
},
{
"date": "2022-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1274",
"ident": null
},
{
"date": "2024-11-21T06:47:18.700000",
"db": "NVD",
"id": "CVE-2022-22719",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Apache HTTP Server Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1274"
}
],
"trust": 0.6
}
}
VAR-202203-0099
Vulnerability from variot - Updated: 2026-04-10 23:08If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ap_escape_html2 function. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-2 macOS Monterey 12.4
macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257.
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher
AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o
apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher
Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing
CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)
LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team
libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t)
Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing
Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher
Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher
TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech
WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval
zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance.
FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance.
Login Window We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
Photo Booth We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance.
WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance.
Wi-Fi We would like to acknowledge Dana Morrison for their assistance.
macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd24-httpd security and bug fix update Advisory ID: RHSA-2022:6753-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2022:6753 Issue date: 2022-09-29 CVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 =====================================================================
- Summary:
An update for httpd24-httpd is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Security Fix(es):
-
httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
-
httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
-
httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
-
httpd: mod_lua: Use of uninitialized value of in r:parsebody (CVE-2022-22719)
-
httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
-
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
-
httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)
-
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
-
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
-
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
-
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
-
httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match() 2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm
noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm httpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm httpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm httpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm httpd24-mod_session-2.4.34-23.el7.5.s390x.rpm httpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm
x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-23.el7.5.src.rpm
noarch: httpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm
x86_64: httpd24-httpd-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm httpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm httpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2022-22719 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-29404 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-30556 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/6975397
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. ========================================================================= Ubuntu Security Notice USN-5333-2 March 17, 2022
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719)
James Kettle discovered that the Apache HTTP Server incorrectly closed inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720)
It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)
Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. (CVE-2022-23943)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm5 apache2-bin 2.4.18-2ubuntu3.17+esm5
Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm4 apache2-bin 2.4.7-1ubuntu4.22+esm4
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"_id": null,
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"_id": null,
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.52"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "actsecure \u30dd\u30fc\u30bf\u30eb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "witchymail",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "spoolserver/reportfiling",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "httpd server 2.x",
"scope": null,
"trust": 0.7,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
},
{
"db": "NVD",
"id": "CVE-2022-22721"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-876"
}
],
"trust": 0.7
},
"cve": "CVE-2022-22721",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-22721",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-22721",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-411397",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22721",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22721",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2022-22721",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22721",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-22721",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2022-22721",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1299",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-411397",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-876"
},
{
"db": "VULHUB",
"id": "VHN-411397"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
},
{
"db": "NVD",
"id": "CVE-2022-22721"
}
]
},
"description": {
"_id": null,
"data": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability.The specific flaw exists within the ap_escape_html2 function. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-2 macOS Monterey 12.4\n\nmacOS Monterey 12.4 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213257. \n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26772: an anonymous researcher\n\nAMD\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-26741: ABC Research s.r.o\nCVE-2022-26742: ABC Research s.r.o\nCVE-2022-26749: ABC Research s.r.o\nCVE-2022-26750: ABC Research s.r.o\nCVE-2022-26752: ABC Research s.r.o\nCVE-2022-26753: ABC Research s.r.o\nCVE-2022-26754: ABC Research s.r.o\n\napache\nAvailable for: macOS Monterey\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppleGraphicsControl\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAVEVideoEncoder\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26736: an anonymous researcher\nCVE-2022-26737: an anonymous researcher\nCVE-2022-26738: an anonymous researcher\nCVE-2022-26739: an anonymous researcher\nCVE-2022-26740: an anonymous researcher\n\nContacts\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26694: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nCVMS\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nImageIO\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow issue was addressed with improved\ninput validation. \nCVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend\nMicro Zero Day Initiative\n\nImageIO\nAvailable for: macOS Monterey\nImpact: Photo location information may persist after it is removed\nwith Preview Inspector\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26725: Andrew Williams and Avi Drissman of Google\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIOKit\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab\n\nIOMobileFrameBuffer\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved code execution in macOS\nRecovery may be able to escalate to kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26743: Jordy Zomer (@pwningsystems)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: macOS Monterey\nImpact: An attacker that has already achieved kernel code execution\nmay be able to bypass kernel memory mitigations\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de)\n\nKernel\nAvailable for: macOS Monterey\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nLaunchServices\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\nCVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team\n\nlibresolv\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nLibreSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26727: Mickey Jin (@patch1t)\n\nPreview\nAvailable for: macOS Monterey\nImpact: A plug-in may be able to inherit the application\u0027s\npermissions and access user data\nDescription: This issue was addressed with improved checks. \nCVE-2022-26693: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nPrinting\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSafari Private Browsing\nAvailable for: macOS Monterey\nImpact: A malicious website may be able to track users in Safari\nprivate browsing mode\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-26731: an anonymous researcher\n\nSecurity\nAvailable for: macOS Monterey\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Monterey\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSoftwareUpdate\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: A validation issue existed in the handling of symlinks\nand was addressed with improved validation of symlinks. \nCVE-2022-26704: an anonymous researcher\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238178\nCVE-2022-26700: ryuzaki\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nWebKit Bugzilla: 236950\nCVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 237475\nCVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nWebKit Bugzilla: 238171\nCVE-2022-26717: Jeonghoon Shin of Theori\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 238183\nCVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab\nWebKit Bugzilla: 238699\nCVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Video self-preview in a webRTC call may be interrupted if the\nuser answers a phone call\nDescription: A logic issue in the handling of concurrent media was\naddressed with improved state handling. \nWebKit Bugzilla: 237524\nCVE-2022-22677: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26762: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Monterey\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Monterey\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nAppleMobileFileIntegrity\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nCalendar\nWe would like to acknowledge Eugene Lim of Government Technology\nAgency of Singapore for their assistance. \n\nFaceTime\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nFileVault\nWe would like to acknowledge Benjamin Adolphi of Promon Germany GmbH\nfor their assistance. \n\nLogin Window\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity for their assistance. \n\nPhoto Booth\nWe would like to acknowledge Wojciech Regu\u0142a (@_r3ggi) of SecuRing\nfor their assistance. \n\nSystem Preferences\nWe would like to acknowledge Mohammad Tausif Siddiqui\n(@toshsiddiqui), an anonymous researcher for their assistance. \n\nWebKit\nWe would like to acknowledge James Lee, an anonymous researcher for\ntheir assistance. \n\nWi-Fi\nWe would like to acknowledge Dana Morrison for their assistance. \n\nmacOS Monterey 12.4 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg\nEjpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI\nDyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma\nmH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+\nrQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc\n402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV\nJ23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa\n5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ\nopD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs\nZ5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f\nLHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4=\n=jaCZ\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd24-httpd security and bug fix update\nAdvisory ID: RHSA-2022:6753-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6753\nIssue date: 2022-09-29\nCVE Names: CVE-2021-33193 CVE-2021-34798 CVE-2021-36160 \n CVE-2021-39275 CVE-2021-44224 CVE-2022-22719 \n CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 \n CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 \n CVE-2022-30522 CVE-2022-30556 CVE-2022-31813 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd24-httpd is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* httpd: mod_lua: Use of uninitialized value of in r:parsebody\n(CVE-2022-22719)\n\n* httpd: core: Possible buffer overflow with very large or unlimited\nLimitXMLRequestBody (CVE-2022-22721)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* httpd: mod_lua: DoS in r:parsebody (CVE-2022-29404)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: mod_lua: Information disclosure with websockets (CVE-2022-30556)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2064322 - CVE-2022-22719 httpd: mod_lua: Use of uninitialized value of in r:parsebody\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095002 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()\n2095012 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095018 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.s390x.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.s390x.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-23.el7.5.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-23.el7.5.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_session-2.4.34-23.el7.5.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-23.el7.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2022-22719\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-29404\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-30556\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/articles/6975397\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.7 Release Notes linked from the References section. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. =========================================================================\nUbuntu Security Notice USN-5333-2\nMarch 17, 2022\n\napache2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chamal De Silva discovered that the Apache HTTP Server mod_lua module\n incorrectly handled certain crafted request bodies. A remote attacker could\n possibly use this issue to cause the server to crash, resulting in a denial\n of service. (CVE-2022-22719)\n\n James Kettle discovered that the Apache HTTP Server incorrectly closed\n inbound connection when certain errors are encountered. A remote attacker\n could possibly use this issue to perform an HTTP Request Smuggling attack. \n (CVE-2022-22720)\n\n It was discovered that the Apache HTTP Server incorrectly handled large\n LimitXMLRequestBody settings on certain platforms. (CVE-2022-22721)\n\n Ronald Crane discovered that the Apache HTTP Server mod_sed module\n incorrectly handled memory. (CVE-2022-23943)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm5\n apache2-bin 2.4.18-2ubuntu3.17+esm5\n\nUbuntu 14.04 ESM:\n apache2 2.4.7-1ubuntu4.22+esm4\n apache2-bin 2.4.7-1ubuntu4.22+esm4\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22721"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
},
{
"db": "ZDI",
"id": "ZDI-22-876"
},
{
"db": "VULHUB",
"id": "VHN-411397"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169770"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
}
],
"trust": 2.97
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411397",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411397"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-22721",
"trust": 4.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/03/14/2",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "166355",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166365",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169770",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99602154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-16119",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-876",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169845",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050324",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071320",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031504",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031727",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071970",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1234",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1158",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-41638",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411397",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170165",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-876"
},
{
"db": "VULHUB",
"id": "VHN-411397"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169770"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
},
{
"db": "NVD",
"id": "CVE-2022-22721"
}
]
},
"id": "VAR-202203-0099",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411397"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:08:16.907000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2023-217",
"trust": 1.5,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Apache HTTP Server Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=186377"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-876"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411397"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
},
{
"db": "NVD",
"id": "CVE-2022-22721"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/2"
},
{
"trust": 1.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.7,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99602154/index.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1158"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1234"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1076"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031727"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071320"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22721/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169845/red-hat-security-advisory-2022-8067-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031416"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032127"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071970"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-integer-overflow-via-large-limitxmlrequestbody-37794"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169770/red-hat-security-advisory-2022-7647-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031504"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050324"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5333-1"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213257."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26694"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26704"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26711"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7647"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8841"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40303"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-40304"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.48-3.1ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.22"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5333-2"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-876"
},
{
"db": "VULHUB",
"id": "VHN-411397"
},
{
"db": "PACKETSTORM",
"id": "167186"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169770"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "170165"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
},
{
"db": "NVD",
"id": "CVE-2022-22721"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-22-876",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-411397",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167186",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168565",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169770",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170165",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166355",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166365",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001480",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-22721",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-22-876",
"ident": null
},
{
"date": "2022-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-411397",
"ident": null
},
{
"date": "2022-05-17T16:58:15",
"db": "PACKETSTORM",
"id": "167186",
"ident": null
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565",
"ident": null
},
{
"date": "2022-11-08T13:48:57",
"db": "PACKETSTORM",
"id": "169770",
"ident": null
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"date": "2022-12-08T21:28:21",
"db": "PACKETSTORM",
"id": "170165",
"ident": null
},
{
"date": "2022-03-17T15:54:28",
"db": "PACKETSTORM",
"id": "166355",
"ident": null
},
{
"date": "2022-03-18T15:34:37",
"db": "PACKETSTORM",
"id": "166365",
"ident": null
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1299",
"ident": null
},
{
"date": "2022-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001480",
"ident": null
},
{
"date": "2022-03-14T11:15:09.133000",
"db": "NVD",
"id": "CVE-2022-22721",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-22-876",
"ident": null
},
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-411397",
"ident": null
},
{
"date": "2022-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1299",
"ident": null
},
{
"date": "2023-12-12T07:48:00",
"db": "JVNDB",
"id": "JVNDB-2022-001480",
"ident": null
},
{
"date": "2024-11-21T06:47:19.193000",
"db": "NVD",
"id": "CVE-2022-22721",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "166355"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1299"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 Integer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001480"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1299"
}
],
"trust": 0.6
}
}
VAR-202109-1805
Vulnerability from variot - Updated: 2026-04-10 22:36Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798)
Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275)
It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"_id": null,
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "ruggedcom nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"credits": {
"_id": null,
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 0.6
},
"cve": "CVE-2021-34798",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-34798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-03223",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-395042",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34798",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-03223",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395042",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34798",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"description": {
"_id": null,
"data": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:0143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0143\nIssue date: 2022-01-17\nCVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-4\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n \n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n \n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm3\n apache2-bin 2.4.18-2ubuntu3.17+esm3\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34798"
},
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-34798",
"trust": 3.2
},
{
"db": "TENABLE",
"id": "TNS-2021-17",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10379",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166321",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-03223",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022012040",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101308",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030119",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051316",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031528",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042112",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021112902",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3482",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2352",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-02",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395042",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169132",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"id": "VAR-202109-1805",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
}
],
"trust": 1.3031922749999998
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
}
]
},
"last_update_date": "2026-04-10T22:36:56.215000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Patch for Apache HTTP Server Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313156"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=171210"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-34798",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34798"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34798 log"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
},
{
"title": "Brocade Security Advisories: CVE-2021-34798. NULL pointer dereference in httpd core.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2142ed2ad0c6564b6dfdd2779d3117ce"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=3499da969fe529a2e6d5812690c8f102"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10379"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-34798"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "http://"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3405"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021112902"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012040"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101308"
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2022:0891"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10379"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.1,
"url": "https://github.com/totes5706/toteshtb"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/xxxxxx"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166321"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-03223",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-395042",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-34798",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168565",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169132",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165587",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166321",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164307",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164305",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164329",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-34798",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03223",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-395042",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34798",
"ident": null
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565",
"ident": null
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169132",
"ident": null
},
{
"date": "2022-01-17T16:53:40",
"db": "PACKETSTORM",
"id": "165587",
"ident": null
},
{
"date": "2022-03-15T15:50:26",
"db": "PACKETSTORM",
"id": "166321",
"ident": null
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"date": "2021-09-28T15:13:59",
"db": "PACKETSTORM",
"id": "164307",
"ident": null
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305",
"ident": null
},
{
"date": "2021-09-29T14:50:01",
"db": "PACKETSTORM",
"id": "164329",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1109",
"ident": null
},
{
"date": "2021-09-16T15:15:07.267000",
"db": "NVD",
"id": "CVE-2021-34798",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03223",
"ident": null
},
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-395042",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34798",
"ident": null
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1109",
"ident": null
},
{
"date": "2023-11-07T03:36:26.910000",
"db": "NVD",
"id": "CVE-2021-34798",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "Apache HTTP Server Code Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 0.6
}
}
VAR-202109-1802
Vulnerability from variot - Updated: 2026-04-10 22:19A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2021:3856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3856 Issue date: 2021-10-14 CVE Names: CVE-2021-40438 =====================================================================
- Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
- httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: httpd-2.4.6-40.el7_2.7.src.rpm
noarch: httpd-manual-2.4.6-40.el7_2.7.noarch.rpm
x86_64: httpd-2.4.6-40.el7_2.7.x86_64.rpm httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm httpd-devel-2.4.6-40.el7_2.7.x86_64.rpm httpd-tools-2.4.6-40.el7_2.7.x86_64.rpm mod_ssl-2.4.6-40.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source: httpd-2.4.6-45.el7_3.6.src.rpm
noarch: httpd-manual-2.4.6-45.el7_3.6.noarch.rpm
x86_64: httpd-2.4.6-45.el7_3.6.x86_64.rpm httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm httpd-devel-2.4.6-45.el7_3.6.x86_64.rpm httpd-tools-2.4.6-45.el7_3.6.x86_64.rpm mod_ssl-2.4.6-45.el7_3.6.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: httpd-2.4.6-67.el7_4.7.src.rpm
noarch: httpd-manual-2.4.6-67.el7_4.7.noarch.rpm
x86_64: httpd-2.4.6-67.el7_4.7.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm httpd-devel-2.4.6-67.el7_4.7.x86_64.rpm httpd-tools-2.4.6-67.el7_4.7.x86_64.rpm mod_session-2.4.6-67.el7_4.7.x86_64.rpm mod_ssl-2.4.6-67.el7_4.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
ppc64le: httpd-2.4.6-89.el7_6.2.ppc64le.rpm httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm httpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm httpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm mod_session-2.4.6-89.el7_6.2.ppc64le.rpm mod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
ppc64le: httpd-2.4.6-90.el7_7.1.ppc64le.rpm httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm httpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm httpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm mod_session-2.4.6-90.el7_7.1.ppc64le.rpm mod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.1.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64.rpm mod_session-2.4.6-97.el7_9.1.ppc64.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.1.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm mod_session-2.4.6-97.el7_9.1.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.1.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm httpd-devel-2.4.6-97.el7_9.1.s390x.rpm httpd-tools-2.4.6-97.el7_9.1.s390x.rpm mod_session-2.4.6-97.el7_9.1.s390x.rpm mod_ssl-2.4.6-97.el7_9.1.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm mod_ldap-2.4.6-40.el7_2.7.x86_64.rpm mod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm mod_session-2.4.6-40.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.3):
x86_64: httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm mod_ldap-2.4.6-45.el7_3.6.x86_64.rpm mod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm mod_session-2.4.6-45.el7_3.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm mod_ldap-2.4.6-67.el7_4.7.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm mod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm mod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.7):
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm mod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm mod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.7):
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm mod_ldap-2.4.6-97.el7_9.1.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa v5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF sNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF gjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx ZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT jCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l 3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9 0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ LhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo QSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7 lUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB 95kGnxWCYaA= =gPcK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
-
7) - noarch, x86_64
-
This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Refer to the Release Notes for information on the security fix included in this release. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0_s390x"
},
{
"_id": null,
"model": "enterprise linux update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"_id": null,
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "enterprise linux for arm 64",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "enterprise linux for arm 64 eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "ruggedcom nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "enterprise linux server update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "f5os",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.4"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise linux update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "sinec nms",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.3"
},
{
"_id": null,
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.1"
},
{
"_id": null,
"model": "enterprise linux update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "rocky linux",
"scope": "eq",
"trust": 1.0,
"vendor": "resf",
"version": "8.0"
},
{
"_id": null,
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"_id": null,
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "f5os",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.1"
},
{
"_id": null,
"model": "enterprise linux for power little endian eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "f5os",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.0"
},
{
"_id": null,
"model": "sinema remote connect server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"_id": null,
"model": "f5os",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"_id": null,
"model": "enterprise linux update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"_id": null,
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise linux update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.7"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux server for power little endian update services for sap solutions",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux for arm 64 eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"_id": null,
"model": "enterprise linux for ibm z systems eus s390x",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.6"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "f5os",
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "storagegrid",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "hitachi ops center api configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "hitachi configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "hitachi ops center analyzer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "oneview",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"credits": {
"_id": null,
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
}
],
"trust": 0.7
},
"cve": "CVE-2021-40438",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-40438",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-03224",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-401786",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-40438",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-40438",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40438",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40438",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-40438",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-40438",
"trust": 0.8,
"value": "Critical"
},
{
"author": "ZDI",
"id": "CVE-2021-40438",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-03224",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1094",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-401786",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-40438",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"description": {
"_id": null,
"data": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2021:3856-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3856\nIssue date: 2021-10-14\nCVE Names: CVE-2021-40438 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7, Red\nHat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update\nSupport, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat\nEnterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise\nLinux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7\nAdvanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.7 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n(CVE-2021-40438)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nhttpd-2.4.6-40.el7_2.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-40.el7_2.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-devel-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-tools-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ssl-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.3):\n\nSource:\nhttpd-2.4.6-45.el7_3.6.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-45.el7_3.6.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-devel-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-tools-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ssl-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nhttpd-2.4.6-67.el7_4.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-67.el7_4.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-devel-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-tools-2.4.6-67.el7_4.7.x86_64.rpm\nmod_session-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ssl-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_session-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_session-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.1.s390x.rpm\nmod_session-2.4.6-97.el7_9.1.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ldap-2.4.6-40.el7_2.7.x86_64.rpm\nmod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm\nmod_session-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3):\n\nx86_64:\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ldap-2.4.6-45.el7_3.6.x86_64.rpm\nmod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm\nmod_session-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ldap-2.4.6-67.el7_4.7.x86_64.rpm\nmod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.1.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40438\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa\nv5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF\nsNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF\ngjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx\nZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT\njCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l\n3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9\n0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ\nLhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo\nQSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7\nlUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB\n95kGnxWCYaA=\n=gPcK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 7) - noarch, x86_64\n\n3. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. Refer to the Release Notes for information on the security fix\nincluded in this release. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40438"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164460"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
}
],
"trust": 3.69
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-40438",
"trust": 5.5
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2021-17",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-25-259-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99030761",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22691",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-812",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-03224",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164513",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164505",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164460",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164448",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3482",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3429",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3784",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3524",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3373",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3366",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041953",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021112904",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101340",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042112",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101906",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102601",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101116",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021111732",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-401786",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-40438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164443",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164460"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"id": "VAR-202109-1802",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
}
],
"trust": 1.3031922749999998
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03224"
}
]
},
"last_update_date": "2026-04-10T22:19:03.696000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2021-139",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Hewlett Packard Enterprise has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us\u0026docLocale=en_US"
},
{
"title": "Patch for Apache HTTP Server mod_proxy server request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313356"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178533"
},
{
"title": "Red Hat: CVE-2021-40438",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-40438"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-40438 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager\u00ef\u00bc\u0152Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-139"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "CVE-2021-40438 exploit PoC with Docker setup",
"trust": 0.1,
"url": "https://github.com/sixpacksecurity/CVE-2021-40438 "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/gassara-kys/CVE-2021-40438 "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/Kashkovsky/CVE-2021-40438 "
},
{
"title": "scan_ssrf.sh",
"trust": 0.1,
"url": "https://github.com/vsh00t/BB-PoC "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/xiaojiangxl/CVE-2021-40438 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
},
{
"problemtype": "Server-side request forgery (CWE-918) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.3,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40438"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-40438"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99030761/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-259-04"
},
{
"trust": 0.7,
"url": "https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbgn04586en_us\u0026doclocale=en_us"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164505/red-hat-security-advisory-2021-3836-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021112904"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3524"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041953"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528442"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021111732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3429"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164448/red-hat-security-advisory-2021-3746-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3373"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102601"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101116"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164460/red-hat-security-advisory-2021-3754-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6493841"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164513/red-hat-security-advisory-2021-3856-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3366"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011836"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101340"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.5,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3754"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3745"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1945311"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164460"
},
{
"db": "PACKETSTORM",
"id": "164443"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-24-812",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2022-03224",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-401786",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-40438",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164513",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164493",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164505",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164460",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164443",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164307",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164305",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164318",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004150",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-40438",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2024-06-18T00:00:00",
"db": "ZDI",
"id": "ZDI-24-812",
"ident": null
},
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03224",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-401786",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40438",
"ident": null
},
{
"date": "2021-10-14T15:26:45",
"db": "PACKETSTORM",
"id": "164513",
"ident": null
},
{
"date": "2021-10-13T14:52:48",
"db": "PACKETSTORM",
"id": "164493",
"ident": null
},
{
"date": "2021-10-13T15:23:01",
"db": "PACKETSTORM",
"id": "164505",
"ident": null
},
{
"date": "2021-10-11T14:23:47",
"db": "PACKETSTORM",
"id": "164460",
"ident": null
},
{
"date": "2021-10-08T15:12:22",
"db": "PACKETSTORM",
"id": "164443",
"ident": null
},
{
"date": "2021-09-28T15:13:59",
"db": "PACKETSTORM",
"id": "164307",
"ident": null
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305",
"ident": null
},
{
"date": "2021-09-28T15:23:06",
"db": "PACKETSTORM",
"id": "164318",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1094",
"ident": null
},
{
"date": "2021-11-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004150",
"ident": null
},
{
"date": "2021-09-16T15:15:07.633000",
"db": "NVD",
"id": "CVE-2021-40438",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-812",
"ident": null
},
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03224",
"ident": null
},
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-401786",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40438",
"ident": null
},
{
"date": "2022-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1094",
"ident": null
},
{
"date": "2025-09-22T01:14:00",
"db": "JVNDB",
"id": "JVNDB-2021-004150",
"ident": null
},
{
"date": "2025-10-27T17:37:06.747000",
"db": "NVD",
"id": "CVE-2021-40438",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 Vulnerability that allows requests to be forwarded to an origin server selected by a remote user",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004150"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1094"
}
],
"trust": 0.6
}
}
VAR-200908-0708
Vulnerability from variot - Updated: 2026-04-10 22:17Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.
This update provides fixes for these vulnerabilities.
Update:
apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been adressed with this update. (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955).
Packages for 2008.0 are being provided due to extended support for Corporate products.
The updated packages have been patched to prevent this.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956
Updated Packages:
Mandriva Linux 2008.0: d55d5dd456de0c7977f93bff217406d7 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm bd02eb2233dcc07aadd7e5eb84df9ce8 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm 334e127fb8ac03379c8a5f2ee7c144b6 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm 4307983fb3d21ab0f9955711e116f92e 2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm ff24f1e1587f2210346ea134d4a2053e 2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm 3d50a85109e011ced9e36f1565e9bc69 2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm b786e2329fc63d459b841bf001261543 2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 91588bbcf3940cd106b0fe458be6d4b9 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm b71d8b14cc536cf8a2448b353d2b4047 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm 10b889bb625dbae01711ed7e8e101744 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm 068334fc392c68f9b29e629dd3776f83 2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm a9ed011d8b421e8604e66a87a4972477 2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm c08da53c4c88464249f46c6577f3c2a8 2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm 4b1b86a3e07f4b87a1a53f0dbaaa3aff 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy wuYdtSQeV/bOOP7w17qo2V0= =V8dA -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows:
Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas.
Summary:
Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion.
Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update.
This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear).
Known vulnerable:
Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive).
Known fixed:
Subversion 1.6.4 Subversion 1.5.7
(Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.)
Details:
The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow.
Severity:
A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client.
Recommendations:
We recommend all users to upgrade to Subversion 1.6.4.
We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from http://www.apache.org/dist/apr/patches/.
New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html
References:
CVE-2009-2411 (Subversion) CVE-2009-2412 (APR)
Reported by:
Matt Lewis, Google.
Patches:
This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile):
[[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t *pool; };
+/ This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/ This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN)
/* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN.
This encoding uses the high bit of each byte as a continuation bit
and the other seven bits as data bits. High-order data bits are
@@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val) svn_filesize_t v; unsigned char cont;
- assert(val >= 0);
- SVN_ERR_ASSERT_NO_RETURN(val >= 0);
/ Figure out how many bytes we'll need. / v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val) n++; }
- SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) {
- char buf[128], *p;
- char buf[MAX_ENCODED_INT_LEN], *p;
p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t *op; apr_size_t len;
@@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t val, data is not compressed. /
static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t * / First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: " + "size too large")); / We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, ("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - ("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi
instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);
instout = svn_stringbuf_create("", pool);
- SVN_ERR(zlib_decode(instin, instout));
-
SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));
ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));
newlen = ndout->len; data = (unsigned char )instout->data; @@ -685,6 +712,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR;
-
if (tview_len > SVN_DELTA_WINDOW_SIZE ||
- sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
-
_("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream));
-
if (*tview_len > SVN_DELTA_WINDOW_SIZE ||
- *sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- *inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
- _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler / Functions for applying deltas. */
/ Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -557,8 +557,11 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(buf_size) >= buf_size); buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; }
@@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len)));
/ Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool));
/ Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t window, void b char *old_sbuf = ab->sbuf;
/* Make sure there's enough room. */
- size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool);
- SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len,
-
ab->pool));
/ If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]]
This patch applies to Subversion 1.5.x:
[[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t *pool; };
+/ This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/ This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN)
/* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN.
This encoding uses the high bit of each byte as a continuation bit
and the other seven bits as data bits. High-order data bits are
@@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val) n++; }
- assert(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) {
- char buf[128], *p;
- char buf[MAX_ENCODED_INT_LEN], *p;
p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t *op; apr_size_t len;
@@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t val, data is not compressed. /
static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t * / First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: " + "size too large")); / We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, ("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - ("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi
instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);
instout = svn_stringbuf_create("", pool);
- SVN_ERR(zlib_decode(instin, instout));
-
SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));
ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));
newlen = ndout->len; data = (unsigned char )instout->data; @@ -680,6 +707,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR;
-
if (tview_len > SVN_DELTA_WINDOW_SIZE ||
- sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
-
_("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream));
-
if (*tview_len > SVN_DELTA_WINDOW_SIZE ||
- *sview_len > SVN_DELTA_WINDOW_SIZE ||
- / for svndiff1, newlen includes the original length /
- *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
- *inslen > MAX_INSTRUCTION_SECTION_LEN)
- return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
- _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler / Functions for applying deltas. */
/ Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -507,8 +507,13 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + if (APR_ALIGN_DEFAULT(buf_size) < buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; }
@@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len)));
/ Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool));
/ Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t window, void b char *old_sbuf = ab->sbuf;
/* Make sure there's enough room. */
- size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool);
- SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len,
-
ab->pool));
/ If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]] . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and databases connections.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/apr < 1.3.8 >= 1.3.8 2 dev-libs/apr-util < 1.3.9 >= 1.3.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. -------------------------------------------------------------------
Description
Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks.
Impact
A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Apache Portable Runtime users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8
All APR Utility Library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9
References
[ 1 ] CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200909-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-813-2 August 08, 2009 apache2 vulnerability CVE-2009-2412 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.7
After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes.
Details follow:
USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz
Size/MD5: 126010 68da83341313e1b166fe345138d1eaa5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc
Size/MD5: 1156 0b17c48d0880ab82c769c41d1aff7002
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb
Size/MD5: 2125530 9356b79c2b1591ffec1a6cd1974f82fd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 833902 08b8aaf66aa52e6fd9dbed1647bb5dd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 229124 400d32297652e4976456cb7b367cc435
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 224122 07be7749fd618703c9f093efeb5e6fad
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 228700 9c79315063121eb7017cd99c6bb4667c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 172244 e15a994901f09e6e8294d656b8a8254c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 173028 985f0a987b0e5e17b24fdd6f8475781a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 95066 2b836251f30a5c3d0cb24c2775a9b997
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 37096 2756f162320b3b183c7447dad130cff9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 286664 f46d70c05cba04ceaba7d62afe5ac5be
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb
Size/MD5: 145234 e1c285b96d1ee5e8a66d01eadcc289c6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 787150 ab3e75481087dc0148ca3ccc450a1ab1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 203722 e10938af36f0e1802fbd3b0946ae6e3c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 199634 7ee8d5ba9679c8c7dd78c95b5fb74046
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 203146 5456087e20afd24d2a27d648fafeb135
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 172228 98a58d9526a667a05573e9b26fcfd45b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 173020 1db636c0e79b0ea3c405da958c35c932
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 92998 737aee7a7026d4d9b33a0f71b44e0b19
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 37098 15db8827569af434025942a84e77b381
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 262652 93f2171d69072153264cab51860f781c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb
Size/MD5: 133118 cac6f1c804a1e34bf4250be4d8670862
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 859954 558399d0c5fb22cee0cdc1b20d4d7586
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 221090 94c5789d3d06b3553d883eca45ab06b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 216702 68edfa60eb9de377b20be68e10bd879a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 220634 8f103f83772eb2e52cd38bb0fb1efbec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 172234 559b5683e44f424324d43b09f42c63f6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 173014 7c05a2f5fe626036ebaa271cece0cd09
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 104772 63a31e0f30472ebc19a79744b1b1fe03
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 37098 c00f5d32432f97ac992652ac1bbb7259
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 282244 1a2c7d7038b335ae2ab6ff68d06a380f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb
Size/MD5: 142328 169a4ce5fc42eb789c76f46acb07aa00
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 804250 3a780a65322c539717e93a64792acc16
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 211276 e1f45226511664f1759a6ad75aff6155
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 206948 19e2792273d8a4935ef6fcc6ee369326
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 210556 e62136b10dca8c665defa2cc54640e64
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 172232 6e2213cb4b6a5dec1506fe01ce5cc028
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 173010 9603ee752f034d04fd349db168fbe2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 94084 c6f6315ff2e1865f409ae49d54e3a233
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 37102 fdb3a44756f9d6e8d36c1b2558420d57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 268648 03fbe81b3cc1f0ac17961fc5c58a3f5f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb
Size/MD5: 131056 8707670bfb577280d9b5d0689c51608c
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.8"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.7"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.5"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.3.4"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.6"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.1"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.3.2"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.7"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "0.9.7-dev"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "1.3.3"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.3.6"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "0.9.16"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.3.7"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4-dev"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2-dev"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3-dev"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.1"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.5"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.8"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3-dev"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.5"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.7-dev"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.6"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.16-dev"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.8"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.5"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.3"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6-dev"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.4"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.9"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4-dev"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.8"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.2-dev"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6-dev"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.9"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.3"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "0.9.4"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "0.9.x"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3.x"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "0.9.x"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3.x"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.x"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2.39"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2.39"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0.0.7"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.1"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.1"
},
{
"_id": null,
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"_id": null,
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"_id": null,
"model": "turbolinux fuji",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "( extended maintenance )"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"_id": null,
"model": "interscan messaging security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "7.x"
},
{
"_id": null,
"model": "interscan messaging security virtual appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "7.0"
},
{
"_id": null,
"model": "trendmicro interscan messaging security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.3.z (server)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 121",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 120",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 119",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 118",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux eus 5.3.z server",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux es 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux as 4.8.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20080"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.3.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9.17"
},
{
"_id": null,
"model": "apr-util",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9.7"
},
{
"_id": null,
"model": "portable runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9.18"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "2.2.7-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "2.2.6-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "opensolaris build snv 122",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
}
],
"sources": [
{
"db": "BID",
"id": "35949"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:portable_runtime",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:apr-util",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_virtual_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
}
]
},
"credits": {
"_id": null,
"data": "Matt Lewis\u203b mattlewis@google.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
}
],
"trust": 0.6
},
"cve": "CVE-2009-2412",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-2412",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2412",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-2412",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200908-530",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"description": {
"_id": null,
"data": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and \u0027APR-util\u0027 are prone to multiple integer-overflow vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. \n \n This update provides fixes for these vulnerabilities. \n\n Update:\n\n apr-util packages were missing for Mandriva Enterprise Server 5 i586,\n this has been adressed with this update. (CVE-2009-0023). \n \n The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in\n Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn\n modules in the Apache HTTP Server, allows remote attackers to\n cause a denial of service (memory consumption) via a crafted XML\n document containing a large number of nested entity references, as\n demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564\n (CVE-2009-1955). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n The updated packages have been patched to prevent this. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n d55d5dd456de0c7977f93bff217406d7 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm\n bd02eb2233dcc07aadd7e5eb84df9ce8 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm\n 334e127fb8ac03379c8a5f2ee7c144b6 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm\n 4307983fb3d21ab0f9955711e116f92e 2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm\n ff24f1e1587f2210346ea134d4a2053e 2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm\n 3d50a85109e011ced9e36f1565e9bc69 2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm\n b786e2329fc63d459b841bf001261543 2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm \n 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm\n 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 91588bbcf3940cd106b0fe458be6d4b9 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm\n b71d8b14cc536cf8a2448b353d2b4047 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm\n 10b889bb625dbae01711ed7e8e101744 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm\n 068334fc392c68f9b29e629dd3776f83 2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm\n a9ed011d8b421e8604e66a87a4972477 2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm\n c08da53c4c88464249f46c6577f3c2a8 2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm\n 4b1b86a3e07f4b87a1a53f0dbaaa3aff 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm \n 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm\n 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy\nwuYdtSQeV/bOOP7w17qo2V0=\n=V8dA\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. Subversion clients and servers, versions 1.6.0 - 1.6.3 and all\nversions \u003c 1.5.7, are vulnerable to several heap overflow problems\nwhich may lead to remote code execution. The official advisory\n(mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt)\nfollows:\n\n\n Subversion clients and servers up to 1.6.3 (inclusive) have heap\n overflow issues in the parsing of binary deltas. \n\nSummary:\n========\n\n Subversion clients and servers have multiple heap overflow issues in\n the parsing of binary deltas. This is related to an allocation\n vulnerability in the APR library used by Subversion. \n\n Clients with commit access to a vulnerable server can cause a remote\n heap overflow; servers can cause a heap overflow on vulnerable\n clients that try to do a checkout or update. \n\n This can lead to a DoS (an exploit has been tested) and to arbitrary\n code execution (no exploit tested, but the possibility is clear). \n\nKnown vulnerable:\n=================\n\n Subversion clients and servers \u003c= 1.5.6. \n Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). \n\nKnown fixed:\n============\n\n Subversion 1.6.4\n Subversion 1.5.7\n\n (Search for \"Patch\" below to see the patches from 1.6.3 -\u003e 1.6.4 and\n 1.5.6 -\u003e 1.5.7. Search for \"Recommendations\" to get URLs for the\n 1.6.4 release and associated APR library patch.)\n\nDetails:\n========\n\n The libsvn_delta library does not contain sufficient input validation\n of svndiff streams. If a stream with large windows is processed,\n one of several integer overflows may lead to some boundary checks\n incorrectly passing, which in turn can lead to a heap overflow. \n\nSeverity:\n=========\n\n A remote attacker with commit access to repository may be able to\n execute code on a Subversion server. A malicious server may be able to\n execute code on a Subversion client. \n\nRecommendations:\n================\n\n We recommend all users to upgrade to Subversion 1.6.4. \n\n We recommend all users to upgrade to the latest versions of APR and\n APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR\n installation from \u003chttp://www.apache.org/dist/apr/patches/\u003e. \n\n New Subversion packages can be found at:\n http://subversion.tigris.org/project_packages.html\n\nReferences:\n===========\n\n CVE-2009-2411 (Subversion)\n CVE-2009-2412 (APR)\n\nReported by:\n============\n\n Matt Lewis, Google. \n\nPatches:\n========\n\n This patch applies to Subversion 1.6.x (apply with patch -p0 \u003c patchfile):\n\n[[[\nIndex: subversion/libsvn_delta/svndiff.c\n===================================================================\n--- subversion/libsvn_delta/svndiff.c (revision 38519)\n+++ subversion/libsvn_delta/svndiff.c (working copy)\n@@ -60,10 +60,23 @@ struct encoder_baton {\n apr_pool_t *pool;\n };\n\n+/* This is at least as big as the largest size of an integer that\n+ encode_int can generate; it is sufficient for creating buffers for\n+ it to write into. This assumes that integers are at most 64 bits,\n+ and so 10 bytes (with 7 bits of information each) are sufficient to\n+ represent them. */\n+#define MAX_ENCODED_INT_LEN 10\n+/* This is at least as big as the largest size for a single instruction. */\n+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)\n+/* This is at least as big as the largest possible instructions\n+ section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE\n+ 1-byte copy-from-source instructions (though this is very unlikely). */\n+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)\n\n /* Encode VAL into the buffer P using the variable-length svndiff\n integer format. Return the incremented value of P after the\n- encoded bytes have been written. \n+ encoded bytes have been written. P must point to a buffer of size\n+ at least MAX_ENCODED_INT_LEN. \n\n This encoding uses the high bit of each byte as a continuation bit\n and the other seven bits as data bits. High-order data bits are\n@@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val)\n svn_filesize_t v;\n unsigned char cont;\n\n- assert(val \u003e= 0);\n+ SVN_ERR_ASSERT_NO_RETURN(val \u003e= 0);\n\n /* Figure out how many bytes we\u0027ll need. */\n v = val \u003e\u003e 7;\n@@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val)\n n++;\n }\n\n+ SVN_ERR_ASSERT_NO_RETURN(n \u003c= MAX_ENCODED_INT_LEN);\n+\n /* Encode the remaining bytes; n is always the number of bytes\n coming after the one we\u0027re encoding. */\n while (--n \u003e= 0)\n@@ -112,7 +127,7 @@ encode_int(char *p, svn_filesize_t val)\n static void\n append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val)\n {\n- char buf[128], *p;\n+ char buf[MAX_ENCODED_INT_LEN], *p;\n\n p = encode_int(buf, val);\n svn_stringbuf_appendbytes(header, buf, p - buf);\n@@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t *window, void\n svn_stringbuf_t *i1 = svn_stringbuf_create(\"\", pool);\n svn_stringbuf_t *header = svn_stringbuf_create(\"\", pool);\n const svn_string_t *newdata;\n- char ibuf[128], *ip;\n+ char ibuf[MAX_INSTRUCTION_LEN], *ip;\n const svn_txdelta_op_t *op;\n apr_size_t len;\n\n@@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -365,6 +382,8 @@ decode_size(apr_size_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -382,7 +401,7 @@ decode_size(apr_size_t *val,\n data is not compressed. */\n\n static svn_error_t *\n-zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out)\n+zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit)\n {\n apr_size_t len;\n char *oldplace = in-\u003edata;\n@@ -390,6 +409,13 @@ static svn_error_t *\n /* First thing in the string is the original length. */\n in-\u003edata = (char *)decode_size(\u0026len, (unsigned char *)in-\u003edata,\n (unsigned char *)in-\u003edata+in-\u003elen);\n+ if (in-\u003edata == NULL)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed:\nno size\"));\n+ if (len \u003e limit)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed: \"\n+ \"size too large\"));\n /* We need to subtract the size of the encoded original length off the\n * still remaining input length. */\n in-\u003elen -= (in-\u003edata - oldplace);\n@@ -487,10 +513,10 @@ count_and_verify_instructions(int *ninst,\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: insn %d cannot be decoded\"), n);\n- else if (op.length \u003c= 0)\n+ else if (op.length == 0)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n- _(\"Invalid diff stream: insn %d has non-positive length\"), n);\n+ _(\"Invalid diff stream: insn %d has length zero\"), n);\n else if (op.length \u003e tview_len - tpos)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n@@ -499,7 +525,8 @@ count_and_verify_instructions(int *ninst,\n switch (op.action_code)\n {\n case svn_txdelta_source:\n- if (op.length \u003e sview_len - op.offset)\n+ if (op.length \u003e sview_len - op.offset ||\n+ op.offset \u003e sview_len)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: \"\n@@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi\n\n instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);\n instout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(instin, instout));\n+ SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));\n\n ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool);\n ndout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(ndin, ndout));\n+ SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));\n\n newlen = ndout-\u003elen;\n data = (unsigned char *)instout-\u003edata;\n@@ -685,6 +712,14 @@ write_handler(void *baton,\n if (p == NULL)\n return SVN_NO_ERROR;\n\n+ if (tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (sview_offset \u003c 0 || inslen + newlen \u003c inslen\n || sview_len + tview_len \u003c sview_len\n@@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files\n SVN_ERR(read_one_size(inslen, stream));\n SVN_ERR(read_one_size(newlen, stream));\n\n+ if (*tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ *sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ *newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ *inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (*sview_offset \u003c 0 || *inslen + *newlen \u003c *inslen\n || *sview_len + *tview_len \u003c *sview_len\nIndex: subversion/libsvn_delta/text_delta.c\n===================================================================\n--- subversion/libsvn_delta/text_delta.c (revision 38519)\n+++ subversion/libsvn_delta/text_delta.c (working copy)\n@@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler\n /* Functions for applying deltas. */\n\n /* Ensure that BUF has enough space for VIEW_LEN bytes. */\n-static APR_INLINE void\n+static APR_INLINE svn_error_t *\n size_buffer(char **buf, apr_size_t *buf_size,\n apr_size_t view_len, apr_pool_t *pool)\n {\n@@ -557,8 +557,11 @@ size_buffer(char **buf, apr_size_t *buf_size,\n *buf_size *= 2;\n if (*buf_size \u003c view_len)\n *buf_size = view_len;\n+ SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(*buf_size) \u003e= *buf_size);\n *buf = apr_palloc(pool, *buf_size);\n }\n+\n+ return SVN_NO_ERROR;\n }\n\n\n@@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t *window, void *b\n \u003e= ab-\u003esbuf_offset + ab-\u003esbuf_len)));\n\n /* Make sure there\u0027s enough room in the target buffer. */\n- size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool));\n\n /* Prepare the source buffer for reading from the input stream. */\n if (window-\u003esview_offset != ab-\u003esbuf_offset\n@@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t *window, void *b\n char *old_sbuf = ab-\u003esbuf;\n\n /* Make sure there\u0027s enough room. */\n- size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len,\n+ ab-\u003epool));\n\n /* If the existing view overlaps with the new view, copy the\n * overlap to the beginning of the new buffer. */\n]]]\n\n\n This patch applies to Subversion 1.5.x:\n\n[[[\nIndex: subversion/libsvn_delta/svndiff.c\n===================================================================\n--- subversion/libsvn_delta/svndiff.c (revision 38498)\n+++ subversion/libsvn_delta/svndiff.c (working copy)\n@@ -55,10 +55,23 @@ struct encoder_baton {\n apr_pool_t *pool;\n };\n\n+/* This is at least as big as the largest size of an integer that\n+ encode_int can generate; it is sufficient for creating buffers for\n+ it to write into. This assumes that integers are at most 64 bits,\n+ and so 10 bytes (with 7 bits of information each) are sufficient to\n+ represent them. */\n+#define MAX_ENCODED_INT_LEN 10\n+/* This is at least as big as the largest size for a single instruction. */\n+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)\n+/* This is at least as big as the largest possible instructions\n+ section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE\n+ 1-byte copy-from-source instructions (though this is very unlikely). */\n+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)\n\n /* Encode VAL into the buffer P using the variable-length svndiff\n integer format. Return the incremented value of P after the\n- encoded bytes have been written. \n+ encoded bytes have been written. P must point to a buffer of size\n+ at least MAX_ENCODED_INT_LEN. \n\n This encoding uses the high bit of each byte as a continuation bit\n and the other seven bits as data bits. High-order data bits are\n@@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val)\n n++;\n }\n\n+ assert(n \u003c= MAX_ENCODED_INT_LEN);\n+\n /* Encode the remaining bytes; n is always the number of bytes\n coming after the one we\u0027re encoding. */\n while (--n \u003e= 0)\n@@ -107,7 +122,7 @@ encode_int(char *p, svn_filesize_t val)\n static void\n append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val)\n {\n- char buf[128], *p;\n+ char buf[MAX_ENCODED_INT_LEN], *p;\n\n p = encode_int(buf, val);\n svn_stringbuf_appendbytes(header, buf, p - buf);\n@@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t *window, void\n svn_stringbuf_t *i1 = svn_stringbuf_create(\"\", pool);\n svn_stringbuf_t *header = svn_stringbuf_create(\"\", pool);\n const svn_string_t *newdata;\n- char ibuf[128], *ip;\n+ char ibuf[MAX_INSTRUCTION_LEN], *ip;\n const svn_txdelta_op_t *op;\n apr_size_t len;\n\n@@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -360,6 +377,8 @@ decode_size(apr_size_t *val,\n const unsigned char *p,\n const unsigned char *end)\n {\n+ if (p + MAX_ENCODED_INT_LEN \u003c end)\n+ end = p + MAX_ENCODED_INT_LEN;\n /* Decode bytes until we\u0027re done. */\n *val = 0;\n while (p \u003c end)\n@@ -377,7 +396,7 @@ decode_size(apr_size_t *val,\n data is not compressed. */\n\n static svn_error_t *\n-zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out)\n+zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit)\n {\n apr_size_t len;\n char *oldplace = in-\u003edata;\n@@ -385,6 +404,13 @@ static svn_error_t *\n /* First thing in the string is the original length. */\n in-\u003edata = (char *)decode_size(\u0026len, (unsigned char *)in-\u003edata,\n (unsigned char *)in-\u003edata+in-\u003elen);\n+ if (in-\u003edata == NULL)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed:\nno size\"));\n+ if (len \u003e limit)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+ _(\"Decompression of svndiff data failed: \"\n+ \"size too large\"));\n /* We need to subtract the size of the encoded original length off the\n * still remaining input length. */\n in-\u003elen -= (in-\u003edata - oldplace);\n@@ -482,10 +508,10 @@ count_and_verify_instructions(int *ninst,\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: insn %d cannot be decoded\"), n);\n- else if (op.length \u003c= 0)\n+ else if (op.length == 0)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n- _(\"Invalid diff stream: insn %d has non-positive length\"), n);\n+ _(\"Invalid diff stream: insn %d has length zero\"), n);\n else if (op.length \u003e tview_len - tpos)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n@@ -494,7 +520,8 @@ count_and_verify_instructions(int *ninst,\n switch (op.action_code)\n {\n case svn_txdelta_source:\n- if (op.length \u003e sview_len - op.offset)\n+ if (op.length \u003e sview_len - op.offset ||\n+ op.offset \u003e sview_len)\n return svn_error_createf\n (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n _(\"Invalid diff stream: \"\n@@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi\n\n instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);\n instout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(instin, instout));\n+ SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));\n\n ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool);\n ndout = svn_stringbuf_create(\"\", pool);\n- SVN_ERR(zlib_decode(ndin, ndout));\n+ SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));\n\n newlen = ndout-\u003elen;\n data = (unsigned char *)instout-\u003edata;\n@@ -680,6 +707,14 @@ write_handler(void *baton,\n if (p == NULL)\n return SVN_NO_ERROR;\n\n+ if (tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (sview_offset \u003c 0 || inslen + newlen \u003c inslen\n || sview_len + tview_len \u003c sview_len\n@@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files\n SVN_ERR(read_one_size(inslen, stream));\n SVN_ERR(read_one_size(newlen, stream));\n\n+ if (*tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ *sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+ /* for svndiff1, newlen includes the original length */\n+ *newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+ *inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+ return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+ _(\"Svndiff contains a too-large window\"));\n+\n /* Check for integer overflow. */\n if (*sview_offset \u003c 0 || *inslen + *newlen \u003c *inslen\n || *sview_len + *tview_len \u003c *sview_len\nIndex: subversion/libsvn_delta/text_delta.c\n===================================================================\n--- subversion/libsvn_delta/text_delta.c (revision 38498)\n+++ subversion/libsvn_delta/text_delta.c (working copy)\n@@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler\n /* Functions for applying deltas. */\n\n /* Ensure that BUF has enough space for VIEW_LEN bytes. */\n-static APR_INLINE void\n+static APR_INLINE svn_error_t *\n size_buffer(char **buf, apr_size_t *buf_size,\n apr_size_t view_len, apr_pool_t *pool)\n {\n@@ -507,8 +507,13 @@ size_buffer(char **buf, apr_size_t *buf_size,\n *buf_size *= 2;\n if (*buf_size \u003c view_len)\n *buf_size = view_len;\n+ if (APR_ALIGN_DEFAULT(*buf_size) \u003c *buf_size)\n+ return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n+ \"Diff stream resulted in invalid\nbuffer size.\");\n *buf = apr_palloc(pool, *buf_size);\n }\n+\n+ return SVN_NO_ERROR;\n }\n\n\n@@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t *window, void *b\n \u003e= ab-\u003esbuf_offset + ab-\u003esbuf_len)));\n\n /* Make sure there\u0027s enough room in the target buffer. */\n- size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool));\n\n /* Prepare the source buffer for reading from the input stream. */\n if (window-\u003esview_offset != ab-\u003esbuf_offset\n@@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t *window, void *b\n char *old_sbuf = ab-\u003esbuf;\n\n /* Make sure there\u0027s enough room. */\n- size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len, ab-\u003epool);\n+ SVN_ERR(size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len,\n+ ab-\u003epool));\n\n /* If the existing view overlaps with the new view, copy the\n * overlap to the beginning of the new buffer. */\n]]]\n. The Apache Portable Runtime\nUtility Library (aka APR-Util) provides an interface to functionality\nsuch as XML parsing, string matching and databases connections. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/apr \u003c 1.3.8 \u003e= 1.3.8\n 2 dev-libs/apr-util \u003c 1.3.9 \u003e= 1.3.9\n -------------------------------------------------------------------\n 2 affected packages on all of their supported architectures. \n -------------------------------------------------------------------\n\nDescription\n===========\n\nMatt Lewis reported multiple Integer overflows in the apr_rmm_malloc(),\napr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of\nAPR-Util and in memory/unix/apr_pools.c of APR, both occurring when\naligning memory blocks. \n\nImpact\n======\n\nA remote attacker could entice a user to connect to a malicious server\nwith software that uses the APR or act as a malicious client to a\nserver that uses the APR (such as Subversion or Apache servers),\npossibly resulting in the execution of arbitrary code with the\nprivileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Portable Runtime users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8\n\nAll APR Utility Library users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9\n\nReferences\n==========\n\n [ 1 ] CVE-2009-2412\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200909-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-813-2 August 08, 2009\napache2 vulnerability\nCVE-2009-2412\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n libapr0 2.0.55-4ubuntu2.7\n\nAfter a standard system upgrade you need to restart any applications using\napr, such as Subversion and Apache, to effect the necessary changes. \n\nDetails follow:\n\nUSN-813-1 fixed vulnerabilities in apr. This update provides the\ncorresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz\n Size/MD5: 126010 68da83341313e1b166fe345138d1eaa5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc\n Size/MD5: 1156 0b17c48d0880ab82c769c41d1aff7002\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb\n Size/MD5: 2125530 9356b79c2b1591ffec1a6cd1974f82fd\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 833902 08b8aaf66aa52e6fd9dbed1647bb5dd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 229124 400d32297652e4976456cb7b367cc435\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 224122 07be7749fd618703c9f093efeb5e6fad\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 228700 9c79315063121eb7017cd99c6bb4667c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 172244 e15a994901f09e6e8294d656b8a8254c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 173028 985f0a987b0e5e17b24fdd6f8475781a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 95066 2b836251f30a5c3d0cb24c2775a9b997\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 37096 2756f162320b3b183c7447dad130cff9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 286664 f46d70c05cba04ceaba7d62afe5ac5be\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb\n Size/MD5: 145234 e1c285b96d1ee5e8a66d01eadcc289c6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 787150 ab3e75481087dc0148ca3ccc450a1ab1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 203722 e10938af36f0e1802fbd3b0946ae6e3c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 199634 7ee8d5ba9679c8c7dd78c95b5fb74046\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 203146 5456087e20afd24d2a27d648fafeb135\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 172228 98a58d9526a667a05573e9b26fcfd45b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 173020 1db636c0e79b0ea3c405da958c35c932\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 92998 737aee7a7026d4d9b33a0f71b44e0b19\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 37098 15db8827569af434025942a84e77b381\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 262652 93f2171d69072153264cab51860f781c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb\n Size/MD5: 133118 cac6f1c804a1e34bf4250be4d8670862\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 859954 558399d0c5fb22cee0cdc1b20d4d7586\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 221090 94c5789d3d06b3553d883eca45ab06b7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 216702 68edfa60eb9de377b20be68e10bd879a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 220634 8f103f83772eb2e52cd38bb0fb1efbec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 172234 559b5683e44f424324d43b09f42c63f6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 173014 7c05a2f5fe626036ebaa271cece0cd09\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 104772 63a31e0f30472ebc19a79744b1b1fe03\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 37098 c00f5d32432f97ac992652ac1bbb7259\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 282244 1a2c7d7038b335ae2ab6ff68d06a380f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb\n Size/MD5: 142328 169a4ce5fc42eb789c76f46acb07aa00\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 804250 3a780a65322c539717e93a64792acc16\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 211276 e1f45226511664f1759a6ad75aff6155\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 206948 19e2792273d8a4935ef6fcc6ee369326\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 210556 e62136b10dca8c665defa2cc54640e64\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 172232 6e2213cb4b6a5dec1506fe01ce5cc028\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 173010 9603ee752f034d04fd349db168fbe2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 94084 c6f6315ff2e1865f409ae49d54e3a233\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 37102 fdb3a44756f9d6e8d36c1b2558420d57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 268648 03fbe81b3cc1f0ac17961fc5c58a3f5f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb\n Size/MD5: 131056 8707670bfb577280d9b5d0689c51608c\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2412"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "BID",
"id": "35949"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80125"
},
{
"db": "PACKETSTORM",
"id": "83432"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-2412",
"trust": 3.4
},
{
"db": "BID",
"id": "35949",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "36138",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "36140",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "56766",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "56765",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "37152",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "37221",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "36233",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "36166",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2009-3184",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "80092",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80125",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83432",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80232",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81085",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80227",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80226",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "35949"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80125"
},
{
"db": "PACKETSTORM",
"id": "83432"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"id": "VAR-200908-0708",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.17203079500000001
},
"last_update_date": "2026-04-10T22:17:36.369000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 2.0.64",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
},
{
"title": "Apache 2.2.13 Released",
"trust": 0.8,
"url": "http://httpd.apache.org/#2.2.13"
},
{
"title": "1.3.x/CHANGES",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?revision=800735\u0026view=markup"
},
{
"title": "0.9.x/CHANGES",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/CHANGES?revision=800736\u0026view=markup"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3937"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3937?viewlocale=ja_JP"
},
{
"title": "apr-1.2.7-11AXS3.1",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=730"
},
{
"title": "apr-util-1.2.7-7AXS3.2",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=731"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
},
{
"title": "7014506",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506#7007"
},
{
"title": "7014463",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7007"
},
{
"title": "7007033",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
},
{
"title": "7006876",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876##60239"
},
{
"title": "PM10658",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
},
{
"title": "7007951",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
},
{
"title": "PK93225",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK93225\u0026loc=en_US"
},
{
"title": "1761",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1761"
},
{
"title": "1768",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1768"
},
{
"title": "1769",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1769"
},
{
"title": "RHSA-2009:1204",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1204.html"
},
{
"title": "RHSA-2009:1205",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1205.html"
},
{
"title": "cve_2010_0740_record_of",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_0740_record_of"
},
{
"title": "readme_imss71_lin_criticalpatch_b12531",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/71/readme_imss71_lin_criticalpatch_b12531.txt"
},
{
"title": "readme_imss70_lin_criticalpatch_b33791",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_criticalpatch_b33791.txt"
},
{
"title": "readme_imss70_sol_criticalpatch_b81651",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_criticalpatch_b81651.txt"
},
{
"title": "readme_imss70_win_criticalpatch_b63681",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/win/70/readme_imss70_win_criticalpatch_b63681.txt"
},
{
"title": "TLSA-2010-30",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-30j.txt"
},
{
"title": "JP-2076110",
"trust": 0.8,
"url": "http://esupport.trendmicro.co.jp/Pages/JP-2076110.aspx"
},
{
"title": "RHSA-2009:1205",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1205J.html"
},
{
"title": "RHSA-2009:1204",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1204J.html"
},
{
"title": "interstage_as_201103",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201103.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-189",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/36140"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/36138"
},
{
"trust": 2.4,
"url": "http://osvdb.org/56765"
},
{
"trust": 2.4,
"url": "http://osvdb.org/56766"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/35949"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/changes?revision=800736\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/changes?revision=800735\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/changes?revision=800733\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/changes?revision=800732\u0026view=markup"
},
{
"trust": 1.9,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk93225"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht3937"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk99482"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/37152"
},
{
"trust": 1.6,
"url": "http://www.ubuntu.com/usn/usn-813-2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/37221"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9958"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/36166"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00353.html"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8394"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/36233"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:195"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
},
{
"trust": 1.6,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00320.html"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2412"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2412"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2412"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/cve_2010_0740_record_of"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1204"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1205"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2009-2412"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1462"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0602"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
},
{
"trust": 0.3,
"url": "http://www.mail-archive.com/dev@httpd.apache.org/msg44737.html"
},
{
"trust": 0.3,
"url": "http://apr.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.13"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201103e.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1204.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1462.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0023"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1956"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0023"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1955"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1956"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1955"
},
{
"trust": 0.1,
"url": "http://www.apache.org/dist/apr/patches/\u003e."
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/project_packages.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2411"
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/security/cve-2009-2411-advisory.txt)"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-200909-03.xml"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.dsc"
}
],
"sources": [
{
"db": "BID",
"id": "35949"
},
{
"db": "PACKETSTORM",
"id": "80092"
},
{
"db": "PACKETSTORM",
"id": "80125"
},
{
"db": "PACKETSTORM",
"id": "83432"
},
{
"db": "PACKETSTORM",
"id": "80232"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
},
{
"db": "NVD",
"id": "CVE-2009-2412"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "BID",
"id": "35949",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80092",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80125",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83432",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80232",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "81085",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80227",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80226",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002016",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-2412",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-08-05T00:00:00",
"db": "BID",
"id": "35949",
"ident": null
},
{
"date": "2009-08-06T17:50:34",
"db": "PACKETSTORM",
"id": "80092",
"ident": null
},
{
"date": "2009-08-07T15:40:27",
"db": "PACKETSTORM",
"id": "80125",
"ident": null
},
{
"date": "2009-12-04T06:31:56",
"db": "PACKETSTORM",
"id": "83432",
"ident": null
},
{
"date": "2009-08-11T01:34:56",
"db": "PACKETSTORM",
"id": "80232",
"ident": null
},
{
"date": "2009-09-10T00:41:18",
"db": "PACKETSTORM",
"id": "81085",
"ident": null
},
{
"date": "2009-08-11T01:24:32",
"db": "PACKETSTORM",
"id": "80227",
"ident": null
},
{
"date": "2009-08-11T01:05:43",
"db": "PACKETSTORM",
"id": "80226",
"ident": null
},
{
"date": "2009-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-530",
"ident": null
},
{
"date": "2009-09-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002016",
"ident": null
},
{
"date": "2009-08-06T15:30:00.280000",
"db": "NVD",
"id": "CVE-2009-2412",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-04-13T21:40:00",
"db": "BID",
"id": "35949",
"ident": null
},
{
"date": "2023-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-530",
"ident": null
},
{
"date": "2011-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002016",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2412",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "80125"
},
{
"db": "PACKETSTORM",
"id": "81085"
},
{
"db": "PACKETSTORM",
"id": "80227"
},
{
"db": "PACKETSTORM",
"id": "80226"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "APR Library and APR-util Integer overflow vulnerability in the library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002016"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-530"
}
],
"trust": 0.6
}
}
VAR-200801-0561
Vulnerability from variot - Updated: 2026-04-10 22:12Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users' browsers to arbitrary locations, which may aid in phishing attacks. The issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary
Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publically available (CVE-2007-6388).
A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled (CVE-2007-6421).
Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM (CVE-2007-6422).
A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled (CVE-2008-0005).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
Updated Packages:
Mandriva Linux 2007.0: 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm
Mandriva Linux 2007.1: cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm
Mandriva Linux 2008.0: cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm
Corporate 4.0: 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01607570 Version: 1
HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-11-19 Last Updated: 2008-11-19
Potential Security Impact: Remote cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
References: CVE-2007-6388, CVE-2007-5000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has made patches available to resolve the vulnerabilities.
The patches are available from http://itrc.hp.com
OV NNM v7.53
Operating_System - HP-UX (IA) Resolved in Patch - PHSS_38148 or subsequent
Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38147 or subsequent
Operating_System - Linux RedHatAS2.1 Resolved in Patch - LXOV_00085 or subsequent
Operating_System - Linux RedHat4AS-x86_64 Resolved in Patch - LXOV_00086 or subsequent
Operating_System - Solaris Resolved in Patch - PSOV_03514 or subsequent
OV NNM v7.51
Upgrade to NNM v7.53 and install the patches listed above.
OV NNM v7.01
Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38761 or subsequent
Operating_System - Solaris Resolved in Patch - PSOV_03516 or subsequent
MANUAL ACTIONS: Yes - NonUpdate Apply the appropriate file as described in the Resolution.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) ============= OVNNMgr.OVNNM-RUN action: install PHSS_38148 or subsequent URL: http://itrc.hp.com
HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38147 or subsequent URL: http://itrc.hp.com
For HP-UX OV NNM 7.51 HP-UX B.11.31 HP-UX B.11.23 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches
For HP-UX OV NNM 7.01 HP-UX B.11.00 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38761 or subsequent URL: http://itrc.hp.com
END AFFECTED VERSIONS (for HP-UX)
HISTORY Version:1 (rev.1) - 19 November 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs A2UIaH3YB7z+o42Tm7Eg7ahn =lskD -----END PGP SIGNATURE----- . The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
mod_status : http://httpd.apache.org/docs/2.0/mod/mod_status.html
-
From apache site : "The Status module allows a server administrator to find out how well their server is performing. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state."
-
--- 1. Apache Refresh Header - Open Redirector (XSS) Vulnerability ---
During the fact that Apache mod_status do not filter char ";" we can inject new URL. This fact give attacker open redirector and can lead to phishing attack. Also attacker can create more advanced method to trigger XSS on victim's browser. Exploit ---
SecurityReason is not going to release a exploit to the general public. Exploit was provided and tested for Apache Team . References ---
A Refreshing Look at Redirection : http://www.securityfocus.com/archive/1/450418 by Amit Klein
- --- 5. Greets ---
For: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp
- --- 6. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.2 or earlier
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.39"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "2.2.7-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"_id": null,
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.56"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)4.2"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.34"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.28"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.1x86"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.7"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.2"
},
{
"_id": null,
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "networks self-service peri application",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "appliance server hosting edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "networks self-service wvads",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "-dev",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.35"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.35"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.22"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "novell linux desktop sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.9"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "2.2.6-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "1.3.40-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.51"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.20"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.26"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.25"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.53"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.14"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.1"
},
{
"_id": null,
"model": "hardware management console for pseries r1.3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.33"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.11"
},
{
"_id": null,
"model": "network proxy (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)4.2"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "8.1"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "networks self-service speech server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.36"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"_id": null,
"model": "hardware management console for iseries r1.3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "application stack for enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v14"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3)4.2"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "appliance server workgroup edition",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "1.0"
},
{
"_id": null,
"model": "openview network node manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.01"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.12"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "2.0.61-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "2.0.62-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "networks self-service peri workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "ace",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.24"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "application stack for enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v14"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.23"
},
{
"_id": null,
"model": "network proxy (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)5.0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.01"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.39"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.19"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.18"
},
{
"_id": null,
"model": "ace",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"_id": null,
"model": "ccs",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.27"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "network proxy (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3)4.2"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "networks self-service web centric ccxml",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": null
},
{
"_id": null,
"model": "networks self service voicexml",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.37"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.1x86-64"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.32"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.29"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.6"
},
{
"_id": null,
"model": "2.0.60-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "networks self-service media processing server",
"scope": "eq",
"trust": 0.3,
"vendor": "nortel",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.17"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.41"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.3.28.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.31"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
}
],
"sources": [
{
"db": "BID",
"id": "27237"
},
{
"db": "NVD",
"id": "CVE-2007-6388"
}
]
},
"credits": {
"_id": null,
"data": "sp3x is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "27237"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6388",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-6388",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6388",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-6388",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6388"
},
{
"db": "NVD",
"id": "CVE-2007-6388"
}
]
},
"description": {
"_id": null,
"data": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Reportedly, attackers can also use this issue to redirect users\u0027 browsers to arbitrary locations, which may aid in phishing attacks. \nThe issue affects versions prior to Apache 2.2.7-dev, 2.0.62-dev, and 1.3.40-dev. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apace HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. \n \n A flaw found in the mod_status module could lead to a cross-site\n scripting attack on sites where mod_status was enabled and the status\n pages were publically available (CVE-2007-6388). \n \n A flaw found in the mod_proxy_balancer module could lead to a\n cross-site scripting attack against an authorized user on sites where\n mod_proxy_balancer was enabled (CVE-2007-6421). \n \n Another flaw in the mod_proxy_balancer module was found where,\n on sites with the module enabled, an authorized user could send a\n carefully crafted request that would cause the apache child process\n handling the request to crash, which could lead to a denial of service\n if using a threaded MPM (CVE-2007-6422). \n \n A flaw found in the mod_proxy_ftp module could lead to a cross-site\n scripting attack against web browsers which do not correctly derive\n the response character set following the rules in RFC 2616, on sites\n where the mod_proxy_ftp module was enabled (CVE-2008-0005). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm\n cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm\n f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm\n 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm\n 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm\n 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm\n 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm\n 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm\n fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm\n 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm\n a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm\n cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm\n 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm\n 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm\n 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm\n dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm\n eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm \n f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm\n ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm\n 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm\n ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm\n 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm\n 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm\n 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm\n a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm\n b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm\n da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm\n df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm\n c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm\n a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm\n e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm\n 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm\n a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm\n e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm \n f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm\n 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm\n 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm\n 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm\n a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm\n 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm\n 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm\n 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm\n f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm\n a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm\n 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm\n bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm\n 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm\n 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm\n cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm\n 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm\n 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm\n ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm\n 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm\n 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm \n a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm\n ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm\n a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm\n d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm\n 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm\n 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm\n 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm\n b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm\n 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm\n 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm\n c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm\n 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm\n 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm\n 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm\n e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm\n 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm\n ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm\n 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm\n 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm \n a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm\n f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm\n 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm\n 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm\n de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm\n eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm\n 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm\n cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm\n 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm\n ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm\n 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm\n 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm\n 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm\n 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm\n 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm\n 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm\n 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm\n 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm\n 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm\n ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm\n 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm\n c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm \n 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm\n 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm\n 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm\n 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm\n d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm\n 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm\n 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm\n 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm\n e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm\n 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm\n 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm\n c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm\n 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm\n e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm\n 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm\n e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm\n 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm\n d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm\n e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm \n 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm\n\n Corporate 4.0:\n 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm\n 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm\n 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm\n 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm\n 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm\n 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm\n 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm\n eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm\n 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm\n b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm\n b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm\n 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm\n afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm\n 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm\n eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm\n 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm\n 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm \n ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm\n dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm\n b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm\n ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm\n e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm\n e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm\n d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm\n bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm\n f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm\n 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm\n f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm \n ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01607570\nVersion: 1\n\nHPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2008-11-19\nLast Updated: 2008-11-19\n\nPotential Security Impact: Remote cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). \n\nReferences: CVE-2007-6388, CVE-2007-5000\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has made patches available to resolve the vulnerabilities. \n\nThe patches are available from http://itrc.hp.com \n\nOV NNM v7.53 \n===========\nOperating_System - HP-UX (IA)\nResolved in Patch - PHSS_38148 or subsequent\n \nOperating_System - HP-UX (PA)\nResolved in Patch - PHSS_38147 or subsequent\n \nOperating_System - Linux RedHatAS2.1 \nResolved in Patch - LXOV_00085 or subsequent\n \nOperating_System - Linux RedHat4AS-x86_64 \nResolved in Patch - LXOV_00086 or subsequent\n \nOperating_System - Solaris\nResolved in Patch - PSOV_03514 or subsequent\n \nOV NNM v7.51 \n===========\nUpgrade to NNM v7.53 and install the patches listed above. \n\nOV NNM v7.01 \n===========\nOperating_System - HP-UX (PA)\nResolved in Patch - PHSS_38761 or subsequent\n \nOperating_System - Solaris\nResolved in Patch - PSOV_03516 or subsequent\n \n\nMANUAL ACTIONS: Yes - NonUpdate \nApply the appropriate file as described in the Resolution. \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS (for HP-UX)\n\nFor HP-UX OV NNM 7.53 \nHP-UX B.11.31 \nHP-UX B.11.23 (IA) \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38148 or subsequent \nURL: http://itrc.hp.com \n\nHP-UX B.11.23 (PA) \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38147 or subsequent \nURL: http://itrc.hp.com \n\nFor HP-UX OV NNM 7.51 \nHP-UX B.11.31 \nHP-UX B.11.23 \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches \n\nFor HP-UX OV NNM 7.01 \nHP-UX B.11.00 \nHP-UX B.11.11 \n============= \nOVNNMgr.OVNNM-RUN \naction: install PHSS_38761 or subsequent \nURL: http://itrc.hp.com \n\nEND AFFECTED VERSIONS (for HP-UX)\n\nHISTORY \nVersion:1 (rev.1) - 19 November 2008 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2008 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs\nA2UIaH3YB7z+o42Tm7Eg7ahn\n=lskD\n-----END PGP SIGNATURE-----\n. The goal of this project is to\nprovide a secure, efficient and extensible server that provides\nHTTP services in sync with the current HTTP standards. \n\nApache has been the most popular web server on the Internet since\nApril 1996. The November 2005 Netcraft Web Server Survey found\nthat more than 70% of the web sites on the Internet are using\nApache, thus making it more widely used than all other web\nservers combined. \n\nmod_status : http://httpd.apache.org/docs/2.0/mod/mod_status.html\n\n- From apache site : \"The Status module allows a server administrator to find out how well their server is performing. A HTML page is presented that gives the current server statistics in an easily readable form. If required this page can be made to automatically refresh (given a compatible browser). Another page gives a simple machine-readable list of the current server state.\"\n\n- --- 1. Apache Refresh Header - Open Redirector (XSS) Vulnerability ---\n\nDuring the fact that Apache mod_status do not filter char \";\" we can inject new URL. \nThis fact give attacker open redirector and can lead to phishing attack. \nAlso attacker can create more advanced method to trigger XSS on victim\u0027s browser. Exploit ---\n\nSecurityReason is not going to release a exploit to the general public. \nExploit was provided and tested for Apache Team . References ---\n\nA Refreshing Look at Redirection : http://www.securityfocus.com/archive/1/450418 by Amit Klein\n\n- --- 5. Greets ---\n\nFor: Maksymilian Arciemowicz ( cXIb8O3 ), Infospec, pi3, p_e_a, mpp\n\n- --- 6. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.2 or earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6388"
},
{
"db": "BID",
"id": "27237"
},
{
"db": "VULMON",
"id": "CVE-2007-6388"
},
{
"db": "PACKETSTORM",
"id": "62720"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "62719"
},
{
"db": "PACKETSTORM",
"id": "62721"
},
{
"db": "PACKETSTORM",
"id": "72120"
},
{
"db": "PACKETSTORM",
"id": "62634"
},
{
"db": "PACKETSTORM",
"id": "63601"
}
],
"trust": 1.98
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-6388",
"trust": 2.2
},
{
"db": "BID",
"id": "27237",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "29988",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28607",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28977",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "30732",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "30430",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28471",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29504",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28526",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29806",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "33200",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28749",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28922",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "30356",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29640",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "32800",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "31142",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28965",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "28467",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA08-150A",
"trust": 1.1
},
{
"db": "SREASON",
"id": "3541",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-0809",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-0047",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-1623",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-1697",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-0554",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-0447",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-1224",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2008-0986",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1019154",
"trust": 1.1
},
{
"db": "VULMON",
"id": "CVE-2007-6388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62719",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "72120",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62634",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63601",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6388"
},
{
"db": "BID",
"id": "27237"
},
{
"db": "PACKETSTORM",
"id": "62720"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "62719"
},
{
"db": "PACKETSTORM",
"id": "62721"
},
{
"db": "PACKETSTORM",
"id": "72120"
},
{
"db": "PACKETSTORM",
"id": "62634"
},
{
"db": "PACKETSTORM",
"id": "63601"
},
{
"db": "NVD",
"id": "CVE-2007-6388"
}
]
},
"id": "VAR-200801-0561",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-04-10T22:12:11.276000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6388"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6388"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.5,
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"trust": 1.5,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"trust": 1.5,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 1.4,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-032.htm"
},
{
"trust": 1.4,
"url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=689039"
},
{
"trust": 1.4,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk62966"
},
{
"trust": 1.4,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk63273"
},
{
"trust": 1.4,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"trust": 1.4,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/27237"
},
{
"trust": 1.1,
"url": "http://securitytracker.com/id?1019154"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:014"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:015"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0004.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0006.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0007.html"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0008.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28467"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28471"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:016"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28526"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28607"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28749"
},
{
"trust": 1.1,
"url": "http://www116.nortel.com/pub/repository/clarify/document/2008/05/023342-01.pdf"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28965"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00562.html"
},
{
"trust": 1.1,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-february/msg00541.html"
},
{
"trust": 1.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28977"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/28922"
},
{
"trust": 1.1,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1"
},
{
"trust": 1.1,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.1,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pk59667\u0026apar=only"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29504"
},
{
"trust": 1.1,
"url": "http://securityreason.com/securityalert/3541"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29640"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29806"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0009.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/29988"
},
{
"trust": 1.1,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/30356"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/30430"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/31142"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/30732"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/33200"
},
{
"trust": 1.1,
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0809/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0554"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0986/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0047"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1224/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0447/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/32800"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39472"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10272"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/498523/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/494428/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/488082/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.4,
"url": "http://securityreason.com/achievement_securityalert/50"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01607570\u0026admit=109447627+1227181083938+28353475"
},
{
"trust": 0.3,
"url": " http://www.phptoys.com/product/micro-news.html"
},
{
"trust": 0.3,
"url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/announcement1.3.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/announcement2.0.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-031.htm"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01364714"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0004.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0007.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0008.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0263.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0523.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.3,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/575-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/support.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ace/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6421"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://itrc.hp.com"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/docs/2.0/mod/mod_status.html"
},
{
"trust": 0.1,
"url": "http://securityreason.com/key/sp3x.gpg"
},
{
"trust": 0.1,
"url": "http://www.securityfocus.com/archive/1/450418"
},
{
"trust": 0.1,
"url": "http://securityreason.com"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6388"
},
{
"db": "BID",
"id": "27237"
},
{
"db": "PACKETSTORM",
"id": "62720"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "62719"
},
{
"db": "PACKETSTORM",
"id": "62721"
},
{
"db": "PACKETSTORM",
"id": "72120"
},
{
"db": "PACKETSTORM",
"id": "62634"
},
{
"db": "PACKETSTORM",
"id": "63601"
},
{
"db": "NVD",
"id": "CVE-2007-6388"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2007-6388",
"ident": null
},
{
"db": "BID",
"id": "27237",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "62720",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89987",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80533",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "62719",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "62721",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "72120",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "62634",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "63601",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-6388",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2008-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6388",
"ident": null
},
{
"date": "2008-01-10T00:00:00",
"db": "BID",
"id": "27237",
"ident": null
},
{
"date": "2008-01-17T05:57:19",
"db": "PACKETSTORM",
"id": "62720",
"ident": null
},
{
"date": "2010-05-27T05:11:37",
"db": "PACKETSTORM",
"id": "89987",
"ident": null
},
{
"date": "2009-08-23T16:31:17",
"db": "PACKETSTORM",
"id": "80533",
"ident": null
},
{
"date": "2008-01-17T05:56:17",
"db": "PACKETSTORM",
"id": "62719",
"ident": null
},
{
"date": "2008-01-17T05:59:17",
"db": "PACKETSTORM",
"id": "62721",
"ident": null
},
{
"date": "2008-11-20T19:21:09",
"db": "PACKETSTORM",
"id": "72120",
"ident": null
},
{
"date": "2008-01-15T20:26:59",
"db": "PACKETSTORM",
"id": "62634",
"ident": null
},
{
"date": "2008-02-13T22:27:37",
"db": "PACKETSTORM",
"id": "63601",
"ident": null
},
{
"date": "2008-01-08T18:46:00",
"db": "NVD",
"id": "CVE-2007-6388",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-06T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6388",
"ident": null
},
{
"date": "2015-04-13T21:21:00",
"db": "BID",
"id": "27237",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6388",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "27237"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 \u0027mod_status\u0027 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "BID",
"id": "27237"
}
],
"trust": 0.3
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "62720"
},
{
"db": "PACKETSTORM",
"id": "62719"
},
{
"db": "PACKETSTORM",
"id": "62721"
},
{
"db": "PACKETSTORM",
"id": "72120"
},
{
"db": "PACKETSTORM",
"id": "62634"
}
],
"trust": 0.5
}
}
VAR-201306-0226
Vulnerability from variot - Updated: 2026-04-10 22:11mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Apache HTTP Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary commands in the context of the application. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd security update Advisory ID: RHSA-2013:0815-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0815.html Issue date: 2013-05-13 CVE Names: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
- Description:
The Apache HTTP Server is a popular web server.
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's manager interface session. (CVE-2012-4558)
It was found that mod_rewrite did not filter terminal escape sequences from its log file. (CVE-2013-1862)
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim's browser generate an HTTP request with a specially-crafted Host header. (CVE-2012-3499)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames 915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface 953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm
i386: httpd-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.i386.rpm mod_ssl-2.2.3-78.el5_9.i386.rpm
x86_64: httpd-2.2.3-78.el5_9.x86_64.rpm httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm mod_ssl-2.2.3-78.el5_9.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm
i386: httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-manual-2.2.3-78.el5_9.i386.rpm
x86_64: httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.x86_64.rpm httpd-manual-2.2.3-78.el5_9.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm
i386: httpd-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-manual-2.2.3-78.el5_9.i386.rpm mod_ssl-2.2.3-78.el5_9.i386.rpm
ia64: httpd-2.2.3-78.el5_9.ia64.rpm httpd-debuginfo-2.2.3-78.el5_9.ia64.rpm httpd-devel-2.2.3-78.el5_9.ia64.rpm httpd-manual-2.2.3-78.el5_9.ia64.rpm mod_ssl-2.2.3-78.el5_9.ia64.rpm
ppc: httpd-2.2.3-78.el5_9.ppc.rpm httpd-debuginfo-2.2.3-78.el5_9.ppc.rpm httpd-debuginfo-2.2.3-78.el5_9.ppc64.rpm httpd-devel-2.2.3-78.el5_9.ppc.rpm httpd-devel-2.2.3-78.el5_9.ppc64.rpm httpd-manual-2.2.3-78.el5_9.ppc.rpm mod_ssl-2.2.3-78.el5_9.ppc.rpm
s390x: httpd-2.2.3-78.el5_9.s390x.rpm httpd-debuginfo-2.2.3-78.el5_9.s390.rpm httpd-debuginfo-2.2.3-78.el5_9.s390x.rpm httpd-devel-2.2.3-78.el5_9.s390.rpm httpd-devel-2.2.3-78.el5_9.s390x.rpm httpd-manual-2.2.3-78.el5_9.s390x.rpm mod_ssl-2.2.3-78.el5_9.s390x.rpm
x86_64: httpd-2.2.3-78.el5_9.x86_64.rpm httpd-debuginfo-2.2.3-78.el5_9.i386.rpm httpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm httpd-devel-2.2.3-78.el5_9.i386.rpm httpd-devel-2.2.3-78.el5_9.x86_64.rpm httpd-manual-2.2.3-78.el5_9.x86_64.rpm mod_ssl-2.2.3-78.el5_9.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386: httpd-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-tools-2.2.15-28.el6_4.i686.rpm
x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386: httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm mod_ssl-2.2.15-28.el6_4.i686.rpm
noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386: httpd-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-tools-2.2.15-28.el6_4.i686.rpm mod_ssl-2.2.15-28.el6_4.i686.rpm
noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm
ppc64: httpd-2.2.15-28.el6_4.ppc64.rpm httpd-debuginfo-2.2.15-28.el6_4.ppc.rpm httpd-debuginfo-2.2.15-28.el6_4.ppc64.rpm httpd-devel-2.2.15-28.el6_4.ppc.rpm httpd-devel-2.2.15-28.el6_4.ppc64.rpm httpd-tools-2.2.15-28.el6_4.ppc64.rpm mod_ssl-2.2.15-28.el6_4.ppc64.rpm
s390x: httpd-2.2.15-28.el6_4.s390x.rpm httpd-debuginfo-2.2.15-28.el6_4.s390.rpm httpd-debuginfo-2.2.15-28.el6_4.s390x.rpm httpd-devel-2.2.15-28.el6_4.s390.rpm httpd-devel-2.2.15-28.el6_4.s390x.rpm httpd-tools-2.2.15-28.el6_4.s390x.rpm mod_ssl-2.2.15-28.el6_4.s390x.rpm
x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm
i386: httpd-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-tools-2.2.15-28.el6_4.i686.rpm mod_ssl-2.2.15-28.el6_4.i686.rpm
noarch: httpd-manual-2.2.15-28.el6_4.noarch.rpm
x86_64: httpd-2.2.15-28.el6_4.x86_64.rpm httpd-debuginfo-2.2.15-28.el6_4.i686.rpm httpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm httpd-devel-2.2.15-28.el6_4.i686.rpm httpd-devel-2.2.15-28.el6_4.x86_64.rpm httpd-tools-2.2.15-28.el6_4.x86_64.rpm mod_ssl-2.2.15-28.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2012-3499.html https://www.redhat.com/security/data/cve/CVE-2012-4558.html https://www.redhat.com/security/data/cve/CVE-2013-1862.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRkStkXlSAg2UNWIIRAjqUAKC32RL1vwpATVk/Br3oSVd4O798twCglqcU SUNZGJOLZsJPZ1ahPENC8lg= =9n3X -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-1903-1 July 15, 2013
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. (CVE-2013-1896)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04: apache2.2-common 2.2.22-6ubuntu5.1
Ubuntu 12.10: apache2.2-common 2.2.22-6ubuntu2.3
Ubuntu 12.04 LTS: apache2.2-common 2.2.22-1ubuntu1.4
Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.12
In general, a standard system update will make all the necessary changes. Solution:
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update 2014-001
OS X Mavericks 10.9.2 and Security Update 2014-001 is now available and addresses the following:
Apache Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26. CVE-ID CVE-2013-1862 CVE-2013-1896
App Sandbox Available for: OS X Mountain Lion v10.8.5 Impact: The App Sandbox may be bypassed Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR
ATS Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of handling of Type 1 fonts. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1254 : Felix Groebert of the Google Security Team
ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1262 : Meder Kydyraliev of the Google Security Team
ATS Available for: OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages. CVE-ID CVE-2014-1255 : Meder Kydyraliev of the Google Security Team
ATS Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: The App Sandbox may be bypassed Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking. CVE-ID CVE-2014-1256 : Meder Kydyraliev of the Google Security Team
Certificate Trust Policy Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Root certificates have been updated Description: The set of system root certificates has been updated. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork Cookies Available for: OS X Mountain Lion v10.8.5 Impact: Session cookies may persist even after resetting Safari Description: Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett
CoreAnimation Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1258 : Karl Smith of NCC Group
CoreText Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking. CVE-ID CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs
curl Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue does not affect systems prior to OS X Mavericks v10.9. CVE-ID CVE-2014-1263 : Roland Moriz of Moriz GmbH
Data Security Available for: OS X Mavericks 10.9 and 10.9.1 Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266
Date and Time Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: An unprivileged user may change the system clock Description: This update changes the behavior of the systemsetup command to require administrator privileges to change the system clock. CVE-ID CVE-2014-1265
File Bookmark Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a file with a maliciously crafted name may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of file names. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1259
Finder Available for: OS X Mavericks 10.9 and 10.9.1 Impact: Accessing a file's ACL via Finder may lead to other users gaining unauthorized access to files Description: Accessing a file's ACL via Finder may corrupt the ACLs on the file. This issue was addressed through improved handling of ACLs. CVE-ID CVE-2014-1264
ImageIO Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted JPEG file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in libjpeg's handling of JPEG markers, resulting in the disclosure of memory contents. This issue was addressed by better JPEG handling. CVE-ID CVE-2013-6629 : Michal Zalewski
IOSerialFamily Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. This issue does not affect systems running OS X Mavericks v10.9 or later. CVE-ID CVE-2013-5139 : @dent1zt
LaunchServices Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 Impact: A file could show the wrong extension Description: An issue existed in the handling of certain unicode characters that could allow filenames to show incorrect extensions. The issue was addressed by filtering unsafe unicode characters from display in filenames. This issue does not affect systems running OS X Mavericks v10.9 or later. CVE-ID CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre of Intego
NVIDIA Drivers Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Executing a malicious application could result in arbitrary code execution within the graphics card Description: An issue existed that allowed writes to some trusted memory on the graphics card. This issue was addressed by removing the ability of the host to write to that memory. CVE-ID CVE-2013-5986 : Marcin Kościelnicki from the X.Org Foundation Nouveau project CVE-2013-5987 : Marcin Kościelnicki from the X.Org Foundation Nouveau project
PHP Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may have led to arbitrary code execution. These issues were addressed by updating PHP to version 5.4.22 on OS X Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion. CVE-ID CVE-2013-4073 CVE-2013-4113 CVE-2013-4248 CVE-2013-6420
QuickLook Available for: OS X Mountain Lion v10.8.5 Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may have led to an unexpected application termination or arbitrary code execution. This issue does not affect systems running OS X Mavericks 10.9 or later. CVE-ID CVE-2014-1260 : Felix Groebert of the Google Security Team
QuickLook Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Downloading a maliciously crafted Microsoft Word document may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in QuickLook's handling of Microsoft Word documents. This issue was addressed through improved memory management. CVE-ID CVE-2014-1252 : Felix Groebert of the Google Security Team
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ftab' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1246 : An anonymous researcher working with HP's Zero Day Initiative
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'dref' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'ldat' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1248 : Jason Kratzer working with iDefense VCP
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PSD images. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1249 : dragonltx of Tencent Security Team
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An out of bounds byte swapping issue existed in the handling of 'ttfo' elements. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1250 : Jason Kratzer working with iDefense VCP
QuickTime Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1 Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of 'stsz' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day Initiative
Secure Transport Available for: OS X Mountain Lion v10.8.5 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. To address these issues for applications using Secure Transport, the 1-byte fragment mitigation was enabled by default for this configuration. CVE-ID CVE-2011-3389 : Juliano Rizzo and Thai Duong
OS X Mavericks v10.9.2 includes the content of Safari 7.0.2.
OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6 U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ 3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8 C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI aiYIh+SzR0rBdMZRgyzv =+DAJ -----END PGP SIGNATURE----- . Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/
Security fixes:
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. (CVE-2012-4558)
A flaw was found in the way the mod_dav module handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. (CVE-2013-1896)
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block. (CVE-2013-1862)
The data file used by PicketBox Vault to store encrypted passwords contains a copy of its own admin key. The file is encrypted using only this admin key, not the corresponding JKS key. A local attacker with permission to read the vault data file could read the admin key from the file, and use it to decrypt the file and read the stored passwords in clear text. (CVE-2013-1921)
A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on an adjacent network to reuse the credentials from a previous successful authentication. This could be exploited to read diagnostic information (information disclosure) and attain limited remote code execution. Refer to the Solution section for further details. The JBoss server process must be restarted for the update to take effect. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.2.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.10"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.25"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.65"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.2"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "13.04"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.3.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8.5"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9.1"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server express",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "csview",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/web questionnaire all versions"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle forms reports 11.1.2.1"
},
{
"_id": null,
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v8.5"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.x"
},
{
"_id": null,
"model": "systemwalker resource coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle http server 11.1.1.6.0"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard v8.2 to v8.5"
},
{
"_id": null,
"model": "csview",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/faq navigator all versions"
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle http server 11.1.1.7.0"
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle http server 12.1.2.0"
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v8.4"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v9.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.25"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.9"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.20"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.19"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.18"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition l11",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux enterprise server sp3 ltss",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.57"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.60"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.1"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.56"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.17"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.21"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.20"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.22"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "interstage business application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.19"
},
{
"_id": null,
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
}
],
"sources": [
{
"db": "BID",
"id": "59826"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
},
{
"db": "NVD",
"id": "CVE-2013-1862"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:csview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
}
]
},
"credits": {
"_id": null,
"data": "Joe Orton",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
}
],
"trust": 0.6
},
"cve": "CVE-2013-1862",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2013-1862",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1862",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-1862",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201305-234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-1862",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1862"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
},
{
"db": "NVD",
"id": "CVE-2013-1862"
}
]
},
"description": {
"_id": null,
"data": "mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Apache HTTP Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input. \nAttackers can exploit this issue to execute arbitrary commands in the context of the application. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd security update\nAdvisory ID: RHSA-2013:0815-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0815.html\nIssue date: 2013-05-13\nCVE Names: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nThe Apache HTTP Server is a popular web server. \n\nCross-site scripting (XSS) flaws were found in the mod_proxy_balancer\nmodule\u0027s manager web interface. If a remote attacker could trick a user,\nwho was logged into the manager web interface, into visiting a\nspecially-crafted URL, it would lead to arbitrary web script execution in\nthe context of the user\u0027s manager interface session. (CVE-2012-4558)\n\nIt was found that mod_rewrite did not filter terminal escape sequences from\nits log file. (CVE-2013-1862)\n\nCross-site scripting (XSS) flaws were found in the mod_info, mod_status,\nmod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could\npossibly use these flaws to perform XSS attacks if they were able to make\nthe victim\u0027s browser generate an HTTP request with a specially-crafted Host\nheader. (CVE-2012-3499)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames\n915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface\n953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm\n\ni386:\nhttpd-2.2.3-78.el5_9.i386.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.i386.rpm\nmod_ssl-2.2.3-78.el5_9.i386.rpm\n\nx86_64:\nhttpd-2.2.3-78.el5_9.x86_64.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm\nmod_ssl-2.2.3-78.el5_9.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.3-78.el5_9.i386.rpm\nhttpd-devel-2.2.3-78.el5_9.i386.rpm\nhttpd-manual-2.2.3-78.el5_9.i386.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.3-78.el5_9.i386.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm\nhttpd-devel-2.2.3-78.el5_9.i386.rpm\nhttpd-devel-2.2.3-78.el5_9.x86_64.rpm\nhttpd-manual-2.2.3-78.el5_9.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-78.el5_9.src.rpm\n\ni386:\nhttpd-2.2.3-78.el5_9.i386.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.i386.rpm\nhttpd-devel-2.2.3-78.el5_9.i386.rpm\nhttpd-manual-2.2.3-78.el5_9.i386.rpm\nmod_ssl-2.2.3-78.el5_9.i386.rpm\n\nia64:\nhttpd-2.2.3-78.el5_9.ia64.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.ia64.rpm\nhttpd-devel-2.2.3-78.el5_9.ia64.rpm\nhttpd-manual-2.2.3-78.el5_9.ia64.rpm\nmod_ssl-2.2.3-78.el5_9.ia64.rpm\n\nppc:\nhttpd-2.2.3-78.el5_9.ppc.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.ppc.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.ppc64.rpm\nhttpd-devel-2.2.3-78.el5_9.ppc.rpm\nhttpd-devel-2.2.3-78.el5_9.ppc64.rpm\nhttpd-manual-2.2.3-78.el5_9.ppc.rpm\nmod_ssl-2.2.3-78.el5_9.ppc.rpm\n\ns390x:\nhttpd-2.2.3-78.el5_9.s390x.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.s390.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.s390x.rpm\nhttpd-devel-2.2.3-78.el5_9.s390.rpm\nhttpd-devel-2.2.3-78.el5_9.s390x.rpm\nhttpd-manual-2.2.3-78.el5_9.s390x.rpm\nmod_ssl-2.2.3-78.el5_9.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-78.el5_9.x86_64.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.i386.rpm\nhttpd-debuginfo-2.2.3-78.el5_9.x86_64.rpm\nhttpd-devel-2.2.3-78.el5_9.i386.rpm\nhttpd-devel-2.2.3-78.el5_9.x86_64.rpm\nhttpd-manual-2.2.3-78.el5_9.x86_64.rpm\nmod_ssl-2.2.3-78.el5_9.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm\n\ni386:\nhttpd-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-tools-2.2.15-28.el6_4.i686.rpm\n\nx86_64:\nhttpd-2.2.15-28.el6_4.x86_64.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm\nhttpd-tools-2.2.15-28.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nmod_ssl-2.2.15-28.el6_4.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-28.el6_4.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.x86_64.rpm\nmod_ssl-2.2.15-28.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm\n\nx86_64:\nhttpd-2.2.15-28.el6_4.x86_64.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm\nhttpd-tools-2.2.15-28.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm\n\nnoarch:\nhttpd-manual-2.2.15-28.el6_4.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.x86_64.rpm\nmod_ssl-2.2.15-28.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm\n\ni386:\nhttpd-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nhttpd-tools-2.2.15-28.el6_4.i686.rpm\nmod_ssl-2.2.15-28.el6_4.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-28.el6_4.noarch.rpm\n\nppc64:\nhttpd-2.2.15-28.el6_4.ppc64.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.ppc.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.ppc64.rpm\nhttpd-devel-2.2.15-28.el6_4.ppc.rpm\nhttpd-devel-2.2.15-28.el6_4.ppc64.rpm\nhttpd-tools-2.2.15-28.el6_4.ppc64.rpm\nmod_ssl-2.2.15-28.el6_4.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-28.el6_4.s390x.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.s390.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.s390x.rpm\nhttpd-devel-2.2.15-28.el6_4.s390.rpm\nhttpd-devel-2.2.15-28.el6_4.s390x.rpm\nhttpd-tools-2.2.15-28.el6_4.s390x.rpm\nmod_ssl-2.2.15-28.el6_4.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-28.el6_4.x86_64.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.x86_64.rpm\nhttpd-tools-2.2.15-28.el6_4.x86_64.rpm\nmod_ssl-2.2.15-28.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-28.el6_4.src.rpm\n\ni386:\nhttpd-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nhttpd-tools-2.2.15-28.el6_4.i686.rpm\nmod_ssl-2.2.15-28.el6_4.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-28.el6_4.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-28.el6_4.x86_64.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.i686.rpm\nhttpd-debuginfo-2.2.15-28.el6_4.x86_64.rpm\nhttpd-devel-2.2.15-28.el6_4.i686.rpm\nhttpd-devel-2.2.15-28.el6_4.x86_64.rpm\nhttpd-tools-2.2.15-28.el6_4.x86_64.rpm\nmod_ssl-2.2.15-28.el6_4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-3499.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-4558.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-1862.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFRkStkXlSAg2UNWIIRAjqUAKC32RL1vwpATVk/Br3oSVd4O798twCglqcU\nSUNZGJOLZsJPZ1ahPENC8lg=\n=9n3X\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-1903-1\nJuly 15, 2013\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.04\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. A remote attacker could use this issue to cause the server to\nstop responding, resulting in a denial of service. (CVE-2013-1896)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.04:\n apache2.2-common 2.2.22-6ubuntu5.1\n\nUbuntu 12.10:\n apache2.2-common 2.2.22-6ubuntu2.3\n\nUbuntu 12.04 LTS:\n apache2.2-common 2.2.22-1ubuntu1.4\n\nUbuntu 10.04 LTS:\n apache2.2-common 2.2.14-5ubuntu8.12\n\nIn general, a standard system update will make all the necessary changes. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update\n2014-001\n\nOS X Mavericks 10.9.2 and Security Update 2014-001 is now available\nand addresses the following:\n\nApache\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache, the most\nserious of which may lead to cross-site scripting. These issues were\naddressed by updating Apache to version 2.2.26. \nCVE-ID\nCVE-2013-1862\nCVE-2013-1896\n\nApp Sandbox\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: The App Sandbox may be bypassed\nDescription: The LaunchServices interface for launching an\napplication allowed sandboxed apps to specify the list of arguments\npassed to the new process. A compromised sandboxed application could\nabuse this to bypass the sandbox. This issue was addressed by\npreventing sandboxed applications from specifying arguments. This\nissue does not affect systems running OS X Mavericks 10.9 or later. \nCVE-ID\nCVE-2013-5179 : Friedrich Graeter of The Soulmen GbR\n\nATS\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nhandling of Type 1 fonts. This issue was addressed through improved\nbounds checking. \nCVE-ID\nCVE-2014-1254 : Felix Groebert of the Google Security Team\n\nATS\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: A memory corruption issue existed in the handling of\nMach messages passed to ATS. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-1262 : Meder Kydyraliev of the Google Security Team\n\nATS\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: An arbitrary free issue existed in the handling of Mach\nmessages passed to ATS. This issue was addressed through additional\nvalidation of Mach messages. \nCVE-ID\nCVE-2014-1255 : Meder Kydyraliev of the Google Security Team\n\nATS\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: The App Sandbox may be bypassed\nDescription: A buffer overflow issue existed in the handling of Mach\nmessages passed to ATS. This issue was addressed by additional bounds\nchecking. \nCVE-ID\nCVE-2014-1256 : Meder Kydyraliev of the Google Security Team\n\nCertificate Trust Policy\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Root certificates have been updated\nDescription: The set of system root certificates has been updated. \nThe complete list of recognized system roots may be viewed via the\nKeychain Access application. \n\nCFNetwork Cookies\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Session cookies may persist even after resetting Safari\nDescription: Resetting Safari did not always delete session cookies\nuntil Safari was closed. This issue was addressed through improved\nhandling of session cookies. This issue does not affect systems\nrunning OS X Mavericks 10.9 or later. \nCVE-ID\nCVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett\n\nCoreAnimation\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Visiting a maliciously crafted site may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreAnimation\u0027s\nhandling of images. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1258 : Karl Smith of NCC Group\n\nCoreText\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in CoreText in the handling\nof Unicode fonts. This issue is addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs\n\ncurl\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: When using curl to connect to an HTTPS URL containing\nan IP address, the IP address was not validated against the\ncertificate. This issue does not affect systems prior to OS X\nMavericks v10.9. \nCVE-ID\nCVE-2014-1263 : Roland Moriz of Moriz GmbH\n\nData Security\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: An attacker with a privileged network position may capture\nor modify data in sessions protected by SSL/TLS\nDescription: Secure Transport failed to validate the authenticity of\nthe connection. This issue was addressed by restoring missing\nvalidation steps. \nCVE-ID\nCVE-2014-1266\n\nDate and Time\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: An unprivileged user may change the system clock\nDescription: This update changes the behavior of the systemsetup\ncommand to require administrator privileges to change the system\nclock. \nCVE-ID\nCVE-2014-1265\n\nFile Bookmark\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a file with a maliciously crafted name may lead to\nan unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of file\nnames. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1259\n\nFinder\nAvailable for: OS X Mavericks 10.9 and 10.9.1\nImpact: Accessing a file\u0027s ACL via Finder may lead to other users\ngaining unauthorized access to files\nDescription: Accessing a file\u0027s ACL via Finder may corrupt the ACLs\non the file. This issue was addressed through improved handling of\nACLs. \nCVE-ID\nCVE-2014-1264\n\nImageIO\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a maliciously crafted JPEG file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nlibjpeg\u0027s handling of JPEG markers, resulting in the disclosure of\nmemory contents. This issue was addressed by better JPEG handling. \nCVE-ID\nCVE-2013-6629 : Michal Zalewski\n\nIOSerialFamily\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5\nImpact: Executing a malicious application may result in arbitrary\ncode execution within the kernel\nDescription: An out of bounds array access existed in the\nIOSerialFamily driver. This issue was addressed through additional\nbounds checking. This issue does not affect systems running OS X\nMavericks v10.9 or later. \nCVE-ID\nCVE-2013-5139 : @dent1zt\n\nLaunchServices\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5\nImpact: A file could show the wrong extension\nDescription: An issue existed in the handling of certain unicode\ncharacters that could allow filenames to show incorrect extensions. \nThe issue was addressed by filtering unsafe unicode characters from\ndisplay in filenames. This issue does not affect systems running OS X\nMavericks v10.9 or later. \nCVE-ID\nCVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre\nof Intego\n\nNVIDIA Drivers\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Executing a malicious application could result in arbitrary\ncode execution within the graphics card\nDescription: An issue existed that allowed writes to some trusted\nmemory on the graphics card. This issue was addressed by removing the\nability of the host to write to that memory. \nCVE-ID\nCVE-2013-5986 : Marcin Ko\u015bcielnicki from the X.Org Foundation\nNouveau project\nCVE-2013-5987 : Marcin Ko\u015bcielnicki from the X.Org Foundation\nNouveau project\n\nPHP\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP, the most\nserious of which may have led to arbitrary code execution. These\nissues were addressed by updating PHP to version 5.4.22 on OS X\nMavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion. \nCVE-ID\nCVE-2013-4073\nCVE-2013-4113\nCVE-2013-4248\nCVE-2013-6420\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: Downloading a maliciously crafted Microsoft Office file may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: A memory corruption issue existed in QuickLook\u0027s\nhandling of Microsoft Office files. Downloading a maliciously crafted\nMicrosoft Office file may have led to an unexpected application\ntermination or arbitrary code execution. This issue does not affect\nsystems running OS X Mavericks 10.9 or later. \nCVE-ID\nCVE-2014-1260 : Felix Groebert of the Google Security Team\n\nQuickLook\nAvailable for: OS X Mountain Lion v10.8.5,\nOS X Mavericks 10.9 and 10.9.1\nImpact: Downloading a maliciously crafted Microsoft Word document\nmay lead to an unexpected application termination or arbitrary code\nexecution\nDescription: A double free issue existed in QuickLook\u0027s handling of\nMicrosoft Word documents. This issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2014-1252 : Felix Groebert of the Google Security Team\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ftab\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1246 : An anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n\u0027dref\u0027 atoms. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2014-1247 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of \u0027ldat\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1248 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Viewing a maliciously crafted PSD image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PSD\nimages. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1249 : dragonltx of Tencent Security Team\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An out of bounds byte swapping issue existed in the\nhandling of \u0027ttfo\u0027 elements. This issue was addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2014-1250 : Jason Kratzer working with iDefense VCP\n\nQuickTime\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1\nImpact: Playing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of \u0027stsz\u0027\natoms. This issue was addressed through improved bounds checking. \nCVE-ID\nCVE-2014-1245 : Tom Gallagher \u0026 Paul Bates working with HP\u0027s Zero Day\nInitiative\n\nSecure Transport\nAvailable for: OS X Mountain Lion v10.8.5\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There were known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode. \nTo address these issues for applications using Secure Transport, the\n1-byte fragment mitigation was enabled by default for this\nconfiguration. \nCVE-ID\nCVE-2011-3389 : Juliano Rizzo and Thai Duong\n\nOS X Mavericks v10.9.2 includes the content of Safari 7.0.2. \n\nOS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from \nthe Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn\nmlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6\nU0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb\nOlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ\n3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8\nC6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY\nY7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O\nt2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX\niB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ\nq5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv\nkBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI\naiYIh+SzR0rBdMZRgyzv\n=+DAJ\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release serves as a replacement for Red Hat JBoss Enterprise\nApplication Platform 6.1.0, and includes bug fixes and enhancements. Refer\nto the 6.1.1 Release Notes for information on the most significant of these\nchanges, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nSecurity fixes:\n\nCross-site scripting (XSS) flaws were found in the mod_info, mod_status,\nmod_imagemap, mod_ldap, and mod_proxy_ftp modules. (CVE-2012-4558)\n\nA flaw was found in the way the mod_dav module handled merge requests. An\nattacker could use this flaw to send a crafted merge request that contains\nURIs that are not configured for DAV, causing the httpd child process to\ncrash. (CVE-2013-1896)\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially-crafted XML signature block. (CVE-2013-1862)\n\nThe data file used by PicketBox Vault to store encrypted passwords contains\na copy of its own admin key. The file is encrypted using only this admin\nkey, not the corresponding JKS key. A local attacker with permission to\nread the vault data file could read the admin key from the file, and use it\nto decrypt the file and read the stored passwords in clear text. \n(CVE-2013-1921)\n\nA flaw was found in JGroup\u0027s DiagnosticsHandler that allowed an attacker on\nan adjacent network to reuse the credentials from a previous successful\nauthentication. This could be exploited to read diagnostic information\n(information disclosure) and attain limited remote code execution. \nRefer to the Solution section for further details. The\nJBoss server process must be restarted for the update to take effect. On\nupdate, the configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1862"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
},
{
"db": "BID",
"id": "59826"
},
{
"db": "VULMON",
"id": "CVE-2013-1862"
},
{
"db": "PACKETSTORM",
"id": "121622"
},
{
"db": "PACKETSTORM",
"id": "122417"
},
{
"db": "PACKETSTORM",
"id": "123090"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "123095"
},
{
"db": "PACKETSTORM",
"id": "122671"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2013-1862",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "55032",
"trust": 2.4
},
{
"db": "BID",
"id": "59826",
"trust": 1.9
},
{
"db": "BID",
"id": "64758",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU95868425",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2013-1862",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121622",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122417",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125427",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122671",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1862"
},
{
"db": "BID",
"id": "59826"
},
{
"db": "PACKETSTORM",
"id": "121622"
},
{
"db": "PACKETSTORM",
"id": "122417"
},
{
"db": "PACKETSTORM",
"id": "123090"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "123095"
},
{
"db": "PACKETSTORM",
"id": "122671"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
},
{
"db": "NVD",
"id": "CVE-2013-1862"
}
]
},
"id": "VAR-201306-0226",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1915078275
},
"last_update_date": "2026-04-10T22:11:44.845000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Revision 1469311",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=r1469311"
},
{
"title": "APPLE-SA-2014-02-25-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6150"
},
{
"title": "HT6150",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6150?viewlocale=ja_JP"
},
{
"title": "Changes with Apache 2.2.25",
"trust": 0.8,
"url": "http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch"
},
{
"title": "Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862"
},
{
"title": "HPSBUX02927 SSRT101288",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c03922406"
},
{
"title": "1644047",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"title": "NV14-005",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv14-005.html"
},
{
"title": "openSUSE-SU-2013:1337",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html"
},
{
"title": "openSUSE-SU-2013:1340",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html"
},
{
"title": "openSUSE-SU-2013:1341",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014verbose-1972951.html"
},
{
"title": "Bug 953729",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953729"
},
{
"title": "RHSA-2013:0815",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-0815.html"
},
{
"title": "RHSA-2013:1207",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"title": "RHSA-2013:1208",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"title": "RHSA-2013:1209",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"title": "Multiple vulnerabilities in Apache HTTP Server",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4"
},
{
"title": "January 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2014_critical_patch_update"
},
{
"title": "USN-1903-1",
"trust": 0.8,
"url": "http://www.ubuntu.com/usn/USN-1903-1"
},
{
"title": "TLSA-2014-14",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2014/TLSA-2014-14j.html"
},
{
"title": "Interstage HTTP Server (CVE-2011-3607/ CVE-2012-3499/ CVE-2012-2687/ CVE-2013-1862)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201303.html"
},
{
"title": "httpd-2.4.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46245"
},
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20130815 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131207 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: apache2: Fix for CVE-2013-1896",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=79313beebc76528397d5c143d80f742f"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1903-1"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131208 - Security Advisory"
},
{
"title": "Red Hat: CVE-2013-1862",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2013-1862"
},
{
"title": "Amazon Linux AMI: ALAS-2013-194",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-194"
},
{
"title": "Amazon Linux AMI: ALAS-2013-193",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-193"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2013-1862 "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hrbrmstr/internetdb "
},
{
"title": "DC-1-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
},
{
"title": "pigat",
"trust": 0.1,
"url": "https://github.com/teamssix/pigat "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2013-1862"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
},
{
"db": "NVD",
"id": "CVE-2013-1862"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/55032"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0815.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1903-1"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1209.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1208.html"
},
{
"trust": 1.6,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=953729"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht6150"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c03922406-1%257cdoclocale%253d%257ccalledby%253d\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
},
{
"trust": 1.6,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=r1469311"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18790"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/64758"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html"
},
{
"trust": 1.6,
"url": "http://people.apache.org/~jorton/mod_rewrite-cve-2013-1862.patch"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19534"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1207.html"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/59826"
},
{
"trust": 1.6,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644047"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:174"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"trust": 1.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1862"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1862"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95868425/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1862"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1862"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs."
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1896"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1862.html"
},
{
"trust": 0.4,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3499"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3499.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4558.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4558"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1896.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4112"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4112.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1921.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1921"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/documentation/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-6ubuntu5.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-6ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=distributions"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1255"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6629"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1245"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1258"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1247"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1260"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1257"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1252"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2013-1133.html"
}
],
"sources": [
{
"db": "BID",
"id": "59826"
},
{
"db": "PACKETSTORM",
"id": "121622"
},
{
"db": "PACKETSTORM",
"id": "122417"
},
{
"db": "PACKETSTORM",
"id": "123090"
},
{
"db": "PACKETSTORM",
"id": "125427"
},
{
"db": "PACKETSTORM",
"id": "123095"
},
{
"db": "PACKETSTORM",
"id": "122671"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948"
},
{
"db": "NVD",
"id": "CVE-2013-1862"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2013-1862",
"ident": null
},
{
"db": "BID",
"id": "59826",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121622",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122417",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "123090",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "125427",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "123095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122671",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002948",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2013-1862",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2013-1862",
"ident": null
},
{
"date": "2013-05-13T00:00:00",
"db": "BID",
"id": "59826",
"ident": null
},
{
"date": "2013-05-14T04:10:51",
"db": "PACKETSTORM",
"id": "121622",
"ident": null
},
{
"date": "2013-07-16T03:39:35",
"db": "PACKETSTORM",
"id": "122417",
"ident": null
},
{
"date": "2013-09-04T22:44:12",
"db": "PACKETSTORM",
"id": "123090",
"ident": null
},
{
"date": "2014-02-26T22:21:07",
"db": "PACKETSTORM",
"id": "125427",
"ident": null
},
{
"date": "2013-09-04T22:45:28",
"db": "PACKETSTORM",
"id": "123095",
"ident": null
},
{
"date": "2013-08-05T17:55:11",
"db": "PACKETSTORM",
"id": "122671",
"ident": null
},
{
"date": "2013-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-234",
"ident": null
},
{
"date": "2013-06-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002948",
"ident": null
},
{
"date": "2013-06-10T17:55:01.527000",
"db": "NVD",
"id": "CVE-2013-1862",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-09-14T00:00:00",
"db": "VULMON",
"id": "CVE-2013-1862",
"ident": null
},
{
"date": "2015-07-15T00:34:00",
"db": "BID",
"id": "59826",
"ident": null
},
{
"date": "2022-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-234",
"ident": null
},
{
"date": "2016-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002948",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-1862",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "121622"
},
{
"db": "PACKETSTORM",
"id": "122417"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "59826"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-234"
}
],
"trust": 0.6
}
}
VAR-200907-0693
Vulnerability from variot - Updated: 2026-04-10 22:08The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). (DoS) There is a vulnerability that becomes a condition.Service operation disruption to a third party (DoS) There is a possibility of being put into a state. The Apache 'mod_deflate' module is prone to a denial-of-service vulnerability. Successful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2009:323 http://www.mandriva.com/security/
Package : apache Date : December 7, 2009 Affected: 2008.0
Problem Description:
Multiple vulnerabilities has been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891).
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for Corporate products.
This update provides a solution to these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Updated Packages:
Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- .
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.11-r2 >= 2.2.11-r2
Description
Multiple vulnerabilities have been discovered in the Apache HTTP server:
-
Jonathan Peatfield reported that the "Options=IncludesNoEXEC" argument to the "AllowOverride" directive is not processed properly (CVE-2009-1195).
-
Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp) does not correctly handle POST requests that do not contain a request body (CVE-2009-1191).
Impact
A local attacker could circumvent restrictions put up by the server administrator and execute arbitrary commands with the privileges of the user running the Apache server.
Workaround
Remove "include", "mod_proxy_ajp", "mod_proxy_http" and "deflate" from APACHE2_MODULES in make.conf and rebuild Apache, or disable the aforementioned modules in the Apache configuration.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.11-r2"
References
[ 1 ] CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 [ 2 ] CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 [ 3 ] CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 [ 4 ] CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200907-04.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824490 Version: 1
HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05 Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.
References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
Kit Name Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html
CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html
HISTORY Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E HACgjeWEt9Ja5qNdjhL5iwOp3JVtVic= =EvRT -----END PGP SIGNATURE----- . This issue did not affect Debian 4.0 "etch". This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed. (CVE-2009-1891)
For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny4.
The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch9.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.11-7.
This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages.
Updated packages for the s390 and mipsel architectures are not included yet. They will be released as soon as they become available.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.diff.gz Size/MD5 checksum: 127065 2705ba251cdd2e979ce85099b4548848 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.dsc Size/MD5 checksum: 1068 5090ccfce8dc2e193a0200a5046fc0c2 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.diff.gz Size/MD5 checksum: 12705 7327720850092af23dae939c8b6e0268 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz Size/MD5 checksum: 29071 63daaf8812777aacfd5a31ead4ff0061 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.dsc Size/MD5 checksum: 676 3823620d6958a99e0d9bf8d54172071e
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch9_all.deb Size/MD5 checksum: 6666600 863bd8f5274dcca2b348ddfb455f1e98 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch9_all.deb Size/MD5 checksum: 274258 632e77496c06ac55702187083210c5bd http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch9_all.deb Size/MD5 checksum: 2243400 3c97cd0ed50e13730082455509ccf2ea http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9_all.deb Size/MD5 checksum: 41428 765f1df6239124b257a17373ec12a25c
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_alpha.deb Size/MD5 checksum: 184750 a5ab12e5997c22cc5384f4dd57039bf0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 406786 9327ff1f134980e38e8af0a9bd333744 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 345748 e6aa3a131e39ea0da098cd68e769ca7b http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 407410 1f8fa482173f33fbf635c4d4b622d6dd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 449496 f4bb6824e49f741d853b80c6cd1c34be http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 444670 26e6f91f3f21c9c3ce178abff526f8d6 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 1016848 234579bc27e5372455df962ae77da5ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_alpha.deb Size/MD5 checksum: 450004 8d41f42126489a657627549f3fd03236
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 408082 af95e2d0f5daba30588d20bee6ea1374 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 408766 8769e1922010d061afd64b917bf9ebfb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 436036 83d55a3ec28d1d2954d5c524ace972ed http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 999314 86e7fb785110434ba47a93ad08dfbb46 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 432016 34bea3d8a903690047c0ce17dff9d0a8 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_amd64.deb Size/MD5 checksum: 172540 7e6a45df8e195f3871b1d5f333a832d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 341900 59846089ce413189c2a999b46ff9022c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_amd64.deb Size/MD5 checksum: 436510 c697b045a1b6643f4aca8f75b6019688
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 346122 69dc7042a32293cf61c6a037a0defcf2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 966476 cfe3ffb085393e3ed0d4c58a078b21c2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 422504 19091c57d38578606c074f637f5b9b77 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 421738 91f192b72202b0266f64e418c6ecf419 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 411030 5be3b5b0a332a274f16ac9fcfbfed59c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 411766 84009ab4d2335289437a721b2828f66e http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_arm.deb Size/MD5 checksum: 157456 c025f46f6df32cc58eb44c1fe43a0b95 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_arm.deb Size/MD5 checksum: 418168 90253c45e4e2ddd858144f0df7083881
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 443192 062ef8c245a4d94bff4ffaa7de4e80bc http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 1078368 3796cc564424fa9302f59ecdfb609e07 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 351892 a140b65fb1cd39922347fa9c3bfd3378 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 439772 d654376818ab21c08354d91354f774e4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 410632 a287c471fe93b308f6b11262cd7a9f5a http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 409756 41555f1eb2b8a1f506b72521a45da883 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_hppa.deb Size/MD5 checksum: 443650 e1ce0eaf55fb5f75061ec379d86ed00f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_hppa.deb Size/MD5 checksum: 179276 41098929aec66df2eb6aff15c65d185b
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 423714 80ff91b5681b3b65b9f82510b78995d8 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 342508 473c50b8e3b3ff72f61fd2773ad0a5ec http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 419898 3efc018978b3f6879d4e17cd870da7c6 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 962488 9f79ca5450eb153eeb77d0ccdf63af53 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 424256 f7df4f2e8308b37945d6c9350fb68059 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_i386.deb Size/MD5 checksum: 160954 7bced5cbbed7133d3e7792b0aa40673c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 410094 c973180a87c19636cc18823d872eaaf5 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_i386.deb Size/MD5 checksum: 409096 aca126fc936879a914786d64b39582f1
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_ia64.deb Size/MD5 checksum: 231658 8588ce0e7b8f4ac4a486c3ee1f7e3f98 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 407390 c0070cc353345e43208362eb4b59fde2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 490872 0e1504ba3f45642856d2fa0b961f8700 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 1203918 a0f6cbde5068600b39a1ecd4ec6a5b47 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 497934 5c8cd8e03d196f3bf950c11c48c4ee8b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 360406 db46e71e165212b10d2fbda1a606cd98 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 497114 289213d2c49b217caf6a35d69f63e1e7 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_ia64.deb Size/MD5 checksum: 406772 84111944453e85d3abf713ae51826439
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_mips.deb Size/MD5 checksum: 170220 026044026baf1ce8467698a2a73aa5ab http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 407938 b64b7c8cbc89b5a53ec2aaa58afec391 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 433466 cbb48f0d929ce882c39d76966ba70193 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 434190 ce951039761e140b5886fe57a255fa44 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 348326 a718aad2980aa88aacd1d521c41de077 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 409050 d35c3c4676678eb03b9661484051b391 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 976346 6a45c13a7402ec443a17760e26483bf8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_mips.deb Size/MD5 checksum: 429286 1bd2eed2169f0de38f651821aaa3da3b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 432192 906d504de8f20bc6c8ad1469a837e195 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 406780 1e83caee969de1766eb5fc6067e76696 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 427394 8a6ca2bdba868fdebeee23dda1f72701 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 431602 90b2195a707a5b67745eabef4c2a8768 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 1035070 0c620f29ceab742f65dad5eaf1d9d4f4 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 353950 a0ba6038b988595e5a23dd1fb7639c4c http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_powerpc.deb Size/MD5 checksum: 407402 f0288619d689fc7dcf60860a4f36a933 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_powerpc.deb Size/MD5 checksum: 167642 c30002dbdc362dd5467146d1937dea53
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 418730 48e4d2f03309d7b24e3cde05a5b71a21 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 408606 1578768e504d10048c569485d9606289 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_sparc.deb Size/MD5 checksum: 157718 452a1e8f879fbc6d63a553d6baec602d http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 343654 ac6444870699cc33ad7f961eed9398ce http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 422500 5a8ce79508be63aa69c4df345bb0cee0 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 959220 b771edecfb5c7813eca216bfe66a3898 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 422118 6565c943000320159110ac22dcd5f559 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_sparc.deb Size/MD5 checksum: 409490 c1a6eba5bc28035aa796688e47e5e4dc
Debian GNU/Linux 5.0 alias lenny
Source archives:
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.dsc Size/MD5 checksum: 1164 307984cde328f4d612ab19f783850723 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.diff.gz Size/MD5 checksum: 13140 adfb807359e881c02f62c979a1f3728b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02.orig.tar.gz Size/MD5 checksum: 33295 1da861a142f8d0d2e2a5bfbc7c760199 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.diff.gz Size/MD5 checksum: 138623 e83f70e3fe9dc21e23b9e12e0e3509a2 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.dsc Size/MD5 checksum: 1673 3edbeef1b78cdcb238a1b156b1e15bb3 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny4_all.deb Size/MD5 checksum: 6734400 79b3f9d5db6aa727567fbe8465ff90d4 http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny4_all.deb Size/MD5 checksum: 2060300 196001254f77a940ad90c9b71a852e77 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4_all.deb Size/MD5 checksum: 44714 bc0ebb5a9da11e825827315a6899abfb
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 847834 aaf8837f7c08aca3d011376dcffc7e16 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 147370 dbb9268ff94f758a080b6e8a05a4bdf2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 261110 83e82a6a01480d834aa5339e24f5969a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 256066 96f6245fa6e4ed746ef8262233f503ad http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 208196 6ee84eaafd8eb561b9a439dcbb783236 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 261798 a1229304be029b88e4f5c398f91f4e40 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 83944 8b74c4d4c39b5ac398710dab602337e2 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 209246 bc34fe81b34a34e0dc9f7ead8de8fe1a http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_alpha.deb Size/MD5 checksum: 198092 4881bbe2b0e5b4f348877e7ea627ce52 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 2401116 319b1da984a7f71cc3c7a7a5ba49b867 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_alpha.deb Size/MD5 checksum: 82234 4c29b98521c49ac1ecbc8d6c011abdfa
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 144626 5d4768acfae476c402e6fc4691b4546e http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 209292 67863fa88619fd577003df2aa7cce0e0 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 82096 a98e3f9008a265b60353de3951e2e398 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 208304 57c865b54fb1cc86c4a8cfab227bc306 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 253304 074663f709a0bf0ee633455f80fee628 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 257894 6360df03503d90a3d3ce328b864e6f51 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 2461864 89f24f597409e1c28c269d480c73e3e4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_amd64.deb Size/MD5 checksum: 195110 701e3f4e5f285547da2812995f2633c6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 257386 4d91795d2a2fad9cdf6b68339b4829b6 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 83788 5316f2c34b8b48c4add784cc76753456 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_amd64.deb Size/MD5 checksum: 814092 20325906f84a4e8fe2d44facc5b6b5d3
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 2325038 1d76ab85e35d2cbba2f03e27a298e94c http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 80888 86bf973a332a92a29382ee8a46a6c026 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 785978 52f17dbf1fee0cd55ee9009fdd4f0fd8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 223420 dff6ac226c23cf2a09203988d7a2b9f1 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_arm.deb Size/MD5 checksum: 161996 1a897301ece23202fcfa1237255fc4d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 82676 d9fbdef2dff08820870956f9657a58e6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 219532 71eacc1f45625b1df19e76d75e3ba3c6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 146788 ac12d8e6bdf36cb3dcdc25cb18e3e30a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 210508 a21d73a92f2afc9fe444e8605a17b217 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 224274 522c6f94729d2a1dee88587c915d519d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_arm.deb Size/MD5 checksum: 209360 e929d57bd87b4274b164957b1ddecd28
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 225576 b0dcffd0883f47503ccf734f18852ad0 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 801902 185f8929c05f1908bcaa8b860f389578 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 221418 c65a0ed2b6c24ca34b7b8eaf89b371d4 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 2339212 8774ee70034af693ad839a1a32cb8349 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_armel.deb Size/MD5 checksum: 162788 1af310dc30900cb2351f0b72700f1b6a http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 83420 d8880a371ce336eb07ecdb6560658a9d http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 150670 d78e5498f0eef77186479e10bb91b6b1 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 213296 2bab992f24e1772284062500f3574524 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 212144 216add040a936ef2981edc7d9561e114 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 81784 cac9e229181c8437b445bdfb8812c3c4 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_armel.deb Size/MD5 checksum: 225852 ae8ac07aacb889e9f3e6c59c8b511fcf
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_hppa.deb Size/MD5 checksum: 183160 f2b39550c5f7e82e489c912166d9979e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 152354 065c6e2360f9a561032ff001da648d4d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 83830 de830f6d2a404e47907eff31c8e500f8 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 82196 16539b99fc2144c8bcfcd7af8d0ab185 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 246170 7d2bc68a96df307fed56456b73f03b66 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 246644 3047579aa5229cd6015dbb1e4235bd5e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 888518 69936f2c0a47f50d1656d42a1f07be60 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 211744 a16842a731424f0da311c9ad06db1e6d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 2380288 cd896ebb2704567cb74f3d0ee7e0eb4d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 210730 716d95b564b12cf4a3a44d3b847d1718 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_hppa.deb Size/MD5 checksum: 241526 9e86d0c72e5c01770d5b9a403eea1931
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 2321656 ec028a4db5a43f4ed9ad5be64752d03a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 236982 db7f962144ad83c02e89cf774292288b http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 81826 14dc03b9022352f6ca89cc18d5a0330e http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_i386.deb Size/MD5 checksum: 178820 b6a82b00259627a7f7fb593d9b011766 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 83576 1bada724cf9b6dd9f63c650467efeba9 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 142984 a5f47b4e360f4dfb1af40edc0fd4b029 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 212226 962c9711427d4b3040f2682cc76ab86a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 240950 d071d125f52595d24d7ce27a700125b2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 782590 91c5374730252660a652998778f37d8d http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 210906 c3f8cc33efaf94bb394269a70c71a0d1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_i386.deb Size/MD5 checksum: 240464 5354fbeaf0547f9a42bb15093325f549
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 311214 f283915f5e76d3cd640589d549a76a71 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 85302 ff6953155bfaf472969417b48b2551f8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 1035884 aa5c4d97a05db590c5f3f2cf4d19c555 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 2316556 d26cb59c9177ec0e71a95ad856d4e051 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_ia64.deb Size/MD5 checksum: 246932 42ab72304a76a62f65836b6c60c73010 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 312166 f58ecace375bd6b35f1a4062748c5408 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 209228 559adca455e0ef1f204e96ac4fbe49ef http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 162262 ba2b1c266c3587a302212bf4f2ed240f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 208174 8c9fe75a24cde7114b2f7652537deecd http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 83422 1779b4541944fa8a94a1dd33e4cbc609 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_ia64.deb Size/MD5 checksum: 304150 4a2c480a73e0ed79b46b05b58fe0fd61
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 83190 e093dfcad8021f25f7176da924459c6c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_mips.deb Size/MD5 checksum: 170822 294522178e939a92592d5d146b68cd9d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 233580 961e112fcdeacc251dee947f8f724aa8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 232924 52a97e65bdccc87e309a82234ab89dab http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 149230 9708268be4f09ba11e5bb51179d928f2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 779762 d2c17dcc02d84293914bb3f4f6ab67d3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 228990 a141cf37d468e74442cbcd7012925e44 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 208192 33165f7a8cb46d7c296c248955128218 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 209244 b016214150d6ce9a7e43e64a851f5978 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 81522 1abe52816f5a0d8c00e3b2fb1879414f http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_mips.deb Size/MD5 checksum: 2463130 344c79f122bab946da9fc39f9a8a4b36
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 257046 c952768064ed400bb2e1d9e27e4ba99a http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 84070 e17bd8d31a36da03bef16415993e7e45 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 915634 53944e6d790f63ca816bf2136b79af3e http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 208218 b9e3f2e66531d56bb570424353272102 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 82412 766b0d2515db8ffeb85dca4b484105f1 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 160476 8d0ecf34f8000fd940c921a0b3d4e548 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 209268 cf420bf9a74835ea64697f91b87803c4 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 257776 b6177ff3288d6b330f88be5c66257fb0 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 2495370 fd4dd820e677dc7e70c76e1fab8e92f6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_powerpc.deb Size/MD5 checksum: 252980 dc623a508aba2b5686b91b8dbaa960c8 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_powerpc.deb Size/MD5 checksum: 195282 f195b72bd2cb69fd34dad3e784789140
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 259520 fbaaf66f397575413ef453aa722144e8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 260108 2ae0ee8cc14adc7968258bd08a3e81ed http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 822996 d30704ff33a6aa78bbbd45a6f7ac0143 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 208180 38718b3016843e4c6143b42d3b305303 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 150432 c4efb820040316a31f1b101c52234ead http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 209230 7f38737a3435372a60be9bb1d55e28cb http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 83810 b975c720b2dfef46c355d4c46fe11981 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 82046 9c1ef780cb0b791585ca092084672204 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 2405236 abbada7447e8b5870bf8a8bf88a63ef2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_s390.deb Size/MD5 checksum: 255468 ff853775f302788837c58af1e78992c6
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_sparc.deb Size/MD5 checksum: 177430 6fc629e355d1631ffb88b8614d9fea10 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 2230948 0139ae6fb585ca7299549ff59e5317b8 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 210438 fe77b48974cfb980f1cbfd744cdab798 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 236456 2f7cf5cb7aa7eb2b40a914894c7aa883 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 83162 7c17c245241db944b85ca8972a19a785 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 240688 713eb6278ca62f82ed6837480fa278de http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 81388 b76095bbe6e716c35f6b1f2f76a35428 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 240168 6fa24064bf73b944fb41beea7b95f66e http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 211722 92acf170832b8d56e67dbd0760459e47 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 147228 a166a6f2e75dbedd9e3795af1b1f34af http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_sparc.deb Size/MD5 checksum: 780484 cfec1976f87aee4535b0de9df3410127
These files will probably be moved into the stable distribution on its next update. =========================================================== Ubuntu Security Notice USN-802-1 July 13, 2009 apache2 vulnerabilities CVE-2009-1890, CVE-2009-1891 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.6 apache2-mpm-perchild 2.0.55-4ubuntu2.6 apache2-mpm-prefork 2.0.55-4ubuntu2.6 apache2-mpm-worker 2.0.55-4ubuntu2.6 libapr0 2.0.55-4ubuntu2.6
Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.10 apache2-mpm-perchild 2.2.8-1ubuntu0.10 apache2-mpm-prefork 2.2.8-1ubuntu0.10 apache2-mpm-worker 2.2.8-1ubuntu0.10 apache2.2-common 2.2.8-1ubuntu0.10
Ubuntu 8.10: apache2-mpm-event 2.2.9-7ubuntu3.2 apache2-mpm-prefork 2.2.9-7ubuntu3.2 apache2-mpm-worker 2.2.9-7ubuntu3.2 apache2.2-common 2.2.9-7ubuntu3.2
Ubuntu 9.04: apache2-mpm-event 2.2.11-2ubuntu2.2 apache2-mpm-prefork 2.2.11-2ubuntu2.2 apache2-mpm-worker 2.2.11-2ubuntu2.2 apache2.2-common 2.2.11-2ubuntu2.2
In general, a standard system upgrade is sufficient to effect the necessary changes. A remote attacker could exploit this and cause a denial of service via memory resource consumption. (CVE-2009-1891)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.diff.gz
Size/MD5: 125440 0835eafec701c6f327e82270dca754a1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.dsc
Size/MD5: 1156 13cf43efabdc8e2180ade01709ff4063
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.6_all.deb
Size/MD5: 2125302 f97b87210dc35e7cf1b4014d755f5cc2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 833688 123cb5995bd422cf218db15691284ed2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 228978 33ea13f64f33acb69b73ad4c2fdfd9ff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 223958 e94df0f2fdcf8d0bf9e95d5149c58f73
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 228556 4e0c0d0ff7fc315c30250fb3d828cdfd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 172066 1f4106b81cc09f4bd78e066aef94201b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 172850 3b433ffaca5e5e36f7ebc2881fd7f1a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 94914 b872cbff9cda76856337a278dba5a9ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 36956 f628faa804ed2c2b5525952fbd94d5ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 286398 3ebb11712b0466f2c3d0b5243d1a0339
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_amd64.deb
Size/MD5: 144970 a8e8615104349a395c695915079eab69
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 786908 1c3f456b2c87dcf5fd21c9e783f4d06d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 203576 772d6129a7ef92cf5887c25466fda11b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 199470 315e863b2ad6aa1b669e7914cebc38a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 203002 573f96a5d3787106c8d6007d8afb88f6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 172066 57fcc673853907cc24c432ef8b0f8e94
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 172834 85320d327250cf86fd6c48813384bdc0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 92862 d774e289f718d119dad6e765fd900679
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 36958 9b8758253a277d81c02b1c9fd50b8eba
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 262426 668cbde23862b43743e935ca8ff24e8a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_i386.deb
Size/MD5: 132884 f0bbccb2fc0f96b88b124c6942b9d957
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 859782 b3d991a69f5703d9e1339eafd0b5df17
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 220946 098441a8af78db25aea174320ffcd409
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 216552 a381af581b41112ac975fca40bec02e6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 220496 0d5ff99a81d4581edca2effaf04f1473
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 172052 84e4b88525b4ce0923c898264dbfea5a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 172850 159e27770e6f51e03f5284ea7f5ca190
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 104626 e320d5a9527e39d1998f7212db15825e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 36960 cdb428ea696ff7e0aaa972041839aef2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 281970 80f4c670c5c142303b7da95ec7f86b25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_powerpc.deb
Size/MD5: 142094 630a20d53c2ffe01b38c9c9e53badb37
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 804084 1025f38adde2a04a719393d5693dbd68
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 211136 73ae94138fb8b3e4dfbc1c9d5079a92c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 206806 431b7e7e3462e125d141ee9ec55a7825
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 210416 a2ce963e90818b3093d990f4632c4e8a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 172070 8335845d072dc411e8e670807dc7c604
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 172850 93e8d610d683005695699a153c40ce06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 93966 87d7968cec960afde5f9996803ac8a8a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 36956 585634ecaa1af88b1d92ab48feed15f7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 268546 c2b2894973ed231bf0292100ca662ced
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_sparc.deb
Size/MD5: 130872 f109c1fe224df9957a8837358365c750
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.diff.gz
Size/MD5: 135972 a2c9442eec99007779a145e71ba68b30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.dsc
Size/MD5: 1381 54f6072ce246ebc26a350fb53e5c99bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.10_all.deb
Size/MD5: 1928676 7231ea6584bc9b64c87d84a2fd7e5d00
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.10_all.deb
Size/MD5: 72560 abbc80191e059fce87c599f947b3b402
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.10_all.deb
Size/MD5: 6256206 e50391cd977f7df987c13e17bb163f8f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10_all.deb
Size/MD5: 45482 a40b40465c3f99f1dd15f8bc85d24b23
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 252722 95177119382131308fb3dcf98507a15c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 248352 20792be8ccf5b73e46ec4ca3f8c0726b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 252114 3a45c61b120d53327f52b101da77fe8f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 205226 1cdb16ee59e67550d536fc1ca2bf7576
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 205994 93adabf4102d299fb420a764a8cbfe33
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 141320 11fbd8d338da9da4fb2cfa47411e23b4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_amd64.deb
Size/MD5: 803332 f31a349c870550a044ac939c4876ead3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 235638 840b0a0bd4399a9799da6f42df7ccbb4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 231238 6a4d251375dc0f811f427ed3377ac0ab
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 234880 354e2a88b0dbc19a10a5294879a507b1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 205234 21900ec04423fb920197870e470b9aa7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 206016 8796b13fb273f61c6c7c4bfb9adbe6aa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 140294 ea6f40b6c12c27851a9f4f1e88aed544
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_i386.deb
Size/MD5: 754978 2ba7c3f44c9a5ed197c932232dad4808
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 235176 6248fed01caabbfb4d70d0c13c7f17f5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 230866 95f247897f3bd77ea304dfd6c9dfd85c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 234344 987ff978cbacde11bc7353702973d125
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 205230 d7576f846491b2833c50f39cc1b0dc75
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 206002 0e1b63983e424122ed1d39826d76335c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 140878 ce996c6cb3ec3552302869ae2256b20e
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_lpia.deb
Size/MD5: 749176 d26c165846c36706ed1d7590a8be3f7b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 253754 33add2865e4cd1c43a43895870454361
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 249222 538a952111c80146dd1887b556f7116b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 253320 ad19124a89163a1f1d2212a3ac67a3fc
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 205240 46728c8422948938f06a02677c2a5c77
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 206016 05d6ac042561eb4ea302c90540c64528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 158034 051b060ed2dd44f5271401e4acc2b9b4
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_powerpc.deb
Size/MD5: 905448 a839a4301bca447e91e58174aebad9be
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 237026 7f91acb658058ba572cfc7d223e9968c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 232794 8af73b6967e695bfcbb900bf0423a366
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 236262 ca2efbd5beef24f97cc4e94f0d45e511
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 205236 11ce3c413997a7203a2b1ddf2c7b608c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 206016 0b11cbb82ae743d2300a5da249af99a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 143500 00c0a815768281a1939510ecf16615bc
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_sparc.deb
Size/MD5: 764418 f1356117d9a2825fc87cb91344704e03
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.diff.gz
Size/MD5: 132027 05239552b7a95f91eef1d7606ef280c4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.dsc
Size/MD5: 1788 423154f094b3f5629e698638d9505a01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.2_all.deb
Size/MD5: 2041678 859eb46d09d45f53599d9d0a71f2fa89
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.2_all.deb
Size/MD5: 6536854 e3572b1d683e4ee6967779dd07b637fd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2_all.deb
Size/MD5: 45150 0ff7bf10b5bef6cf7258e6223f78736d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 254642 9f3bb3444753ace1ca55651c68924739
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 248846 00267b5ab16a55aed008578fbdb24bed
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 254018 81085b6d61faeb846e94b1a3bf8eb6a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 208170 8e360619ff15112e636aaedc0340f1ee
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 84142 3eaf3d803d582d3eb6fb29a79251df69
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 82494 8f293a595f34d6710adb931d5dbcaf0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 209220 73d2d91d313b951f643bf413467c4e5a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 147398 8a772d1dfdb49bae605bd7dee3f9f436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_amd64.deb
Size/MD5: 819864 42aeca74c2ee5d0f5a5a4e10037ece11
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 240962 6427fbd76596cbe52029e6ed5a7da703
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 235678 5155e38f8137c85b9c229b4eafa144e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 240298 9f4f26b4d98d8707e15b6b7d02430e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 208190 f68c7d60a09d53af6a8c8640b05e4ad9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 83572 dd5d339c3e3af404aa3ffd0904ec6c7c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 81968 7c7775dc8c89c4f7aec5f8c8a5f26e60
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 209236 079855f2fdc6843758bcad41421a46ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 146240 0b7ff0f038c7c40d84a1f342a1bbefca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_i386.deb
Size/MD5: 778084 226ed90dc2ba09af3a38dcc40b38d834
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 237982 7c7a5daf494862704d28d5c85d6c31cc
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 232612 96ea385cf513d314d8e84a4c442cc234
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 237230 4003bab7bbb427b1e9ec0e6d97c3e69b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 208176 af28e327890eaddff4108231268eee6e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 83530 4725b6872ac3ac9ad1ae62ba03592964
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 81950 adf39a429f5c04b6a5976c0b5ff30cd4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 209232 477e0f43b36e9961c13b6c0fab7a0dc1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 145928 6089cb1b3efa73128a00a237165076ea
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_lpia.deb
Size/MD5: 766230 f876845ac3aae12ef2e0f36996531ef0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 261150 afc86ac304cdc5af1550d346a8f8a3f9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 255750 b301c6b3f3b4ae21e5ef5cb7ffb56683
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 260470 4c333c87af3a087faeec0da6a282295b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 208184 94332d103f410b07c99d2f849e108ec6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 84210 edb9eb638c12753a58a5d582ecaa60fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 82556 356606fd10fe199eda49ba3258de85e4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 209232 0691c4dd34cb05a93799caa9929104d4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 160676 43a1b64573dd41946dec05b7afeeccf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_powerpc.deb
Size/MD5: 925826 7a95a689bc4e8a0462e9d8e43ac88f5d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 246372 db9d10ebc566f9f50210670fc8882819
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 240922 2b5b20a703e7f5d8fbc50fb1ee0b40f4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 245692 76832085d1b4ffd02948c9ac7b92b54e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 208196 f6355dfafe95b8915593d514d6ec4cdc
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 83754 2aa37c091a042bd92eea616af4eaa13d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 82126 dae25ab8ca9612b725ea89fb22cee433
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 209240 a93acaff6c5151aeddbbdeb335a1c8da
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 150576 43675606769e8ea6cbc172bbdf31ea09
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_sparc.deb
Size/MD5: 783584 323183add2eaf6e1360c9eefcf0d5f8a
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.diff.gz
Size/MD5: 135188 d64295fbf395fedc32558e37c89dd582
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.dsc
Size/MD5: 1795 45bf7dad8a81012c187e219c6c863c9d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.2_all.deb
Size/MD5: 2218918 e157363876dbb978176c6ba59dc01d61
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2_all.deb
Size/MD5: 46278 58851aa10579254cdb4d9f89e8b597c5
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.2_all.deb
Size/MD5: 6946286 067a7635b8627b031b9eb9cf0cc847bf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 258646 7446874f9db13dea5da20f225024f477
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 252848 823147209be87ff9322c276a8e2beace
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 258024 6bfdbf469c0b0ba45e543bf7688ac5ee
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 212932 aeeb0ccb1f8e72a15aaf08450a056c1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 213906 8621b4d1d85ab19f154a86ec465fa316
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 150776 f7def056c536f9b1a329a3b6fef43b7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 826672 e18163156730829c91161191ee00b340
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 87442 39f0e4aaf42e4bb049da17f26a0d9c25
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_amd64.deb
Size/MD5: 85730 a11a39f7102937e5d00b03190ff42a60
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 245132 c7202ff8f066903e207ebff93557644a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 239670 18279b3faf8344f9e7f903862114c998
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 244518 c24b66a4a61c2af8edf32b10867cf958
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 212922 a009d9ba9486ba53a3441ca2a48bc9d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 213898 6e26de281d137dfab7dbc700ca1f7eb5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 149678 d4499d622b98d7a9ed3a1b700f954e95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 783924 45fbb8ab4bfa3297b0e04231677f86a1
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 86818 9d01aae1849d4ccc93c64e7640912b64
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_i386.deb
Size/MD5: 85222 0a3f70a6697f945a1acec0629edd8586
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 242014 0b9676d42353eae308b923ac2c2172d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 236570 d42595dd3d5229a7db2f4a6b3047a372
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 241440 3cfa67183c677cc44fc9f0354231978b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 212924 83433f6847c191927c8bb5234339416a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 213902 4be2d9e80eabaea30169e3fa39ebe3d8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 149396 20350717c1cebdf372f0d11d09374852
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 773130 cbed31d2962a5e0c77a400434f9b7ff4
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 86764 6a9b7a0a9015044fff19ff9bf479fbc3
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_lpia.deb
Size/MD5: 85188 2d685381871858d3c685da5a2b44f0f7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 265094 41f064e2daa4ddaf422bcd5013163c11
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 260042 f60b2311f40da9c254fc7583a6a4215a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 264720 80ba36d44ae08be1f5593b9d60c873e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 212934 a35fed013193cf2d0c021baaac793a13
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 213912 d6f400db5f98bb345b063b5a191735fc
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 164086 36c7ab8da76606f2a1fa12328cd35123
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 932026 9a66083f7211f75a083c20a94efebf12
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 87516 8a913c9fd0b3f6e7c71cfb6ce6345702
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_powerpc.deb
Size/MD5: 85794 c74337f58c4bad32e2ca1349a182696a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 250414 dd2f00b98a1089c03950010ee4feacdc
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 244704 9748c6a30dd03d7a94b7ee0e5cbbf37c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 249756 68a0607bb1d915a1da034f3ecda6e492
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 212924 03ceb43c9e4494db9ce8e2375edadd5b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 213900 c17c6bdc630a6229922c969f94988c32
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 153928 0109fff49b9f806f9de07f2fbac15945
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 788928 11998be7f1d0a6f1952646df23936645
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 87010 a87263816f682082b234a7b3421b3729
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_sparc.deb
Size/MD5: 85318 a17451cf2fa5597b4bb6abb2145f2a55
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.3"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.3"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.x"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.1"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.1"
},
{
"_id": null,
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"_id": null,
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"_id": null,
"model": "turbolinux fuji",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "hp-ux apache-based web server",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "v.2.2.15.03"
},
{
"_id": null,
"model": "application stack",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "v2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.3.z (server)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.7"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20080"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.3.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "2.2.7-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "2.2.6-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
}
],
"sources": [
{
"db": "BID",
"id": "35623"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
},
{
"db": "NVD",
"id": "CVE-2009-1891"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hp:apache-based_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_application_stack",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
}
]
},
"credits": {
"_id": null,
"data": "Joe Orton",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
}
],
"trust": 0.6
},
"cve": "CVE-2009-1891",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-1891",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-1891",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-1891",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-1891",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200907-157",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-1891",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1891"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
},
{
"db": "NVD",
"id": "CVE-2009-1891"
}
]
},
"description": {
"_id": null,
"data": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). (DoS) There is a vulnerability that becomes a condition.Service operation disruption to a third party (DoS) There is a possibility of being put into a state. The Apache \u0027mod_deflate\u0027 module is prone to a denial-of-service vulnerability. \nSuccessful exploits may allow remote attackers to cause denial-of-service conditions and prevent legitimate users from accessing the services. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2009:323\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date : December 7, 2009\n Affected: 2008.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache:\n \n Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c\n in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to\n cause a denial of service (memory consumption) via multiple calls, as\n demonstrated by initial SSL client handshakes to the Apache HTTP Server\n mod_ssl that specify a compression algorithm (CVE-2008-1678). Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). \n \n The mod_proxy_ftp module in the Apache HTTP Server allows remote\n attackers to bypass intended access restrictions and send arbitrary\n commands to an FTP server via vectors related to the embedding of these\n commands in the Authorization HTTP header, as demonstrated by a certain\n module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.11-r2 \u003e= 2.2.11-r2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the Apache HTTP\nserver:\n\n* Jonathan Peatfield reported that the \"Options=IncludesNoEXEC\"\n argument to the \"AllowOverride\" directive is not processed properly\n (CVE-2009-1195). \n\n* Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp)\n does not correctly handle POST requests that do not contain a request\n body (CVE-2009-1191). \n\nImpact\n======\n\nA local attacker could circumvent restrictions put up by the server\nadministrator and execute arbitrary commands with the privileges of the\nuser running the Apache server. \n\nWorkaround\n==========\n\nRemove \"include\", \"mod_proxy_ajp\", \"mod_proxy_http\" and \"deflate\" from\nAPACHE2_MODULES in make.conf and rebuild Apache, or disable the\naforementioned modules in the Apache configuration. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.11-r2\"\n\nReferences\n==========\n\n [ 1 ] CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n [ 2 ] CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n [ 3 ] CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n [ 4 ] CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200907-04.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02824490\nVersion: 1\n\nHPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-05-05\nLast Updated: 2011-05-05\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. \n\nReferences: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\nCVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2\nCVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4\nCVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6\nCVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1\nCVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8\nCVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software updates available to resolve these vulnerabilities. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. \n http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html\n\nCSWS_PHP V2.2\n http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html\n\nHISTORY\nVersion:1 (rev.1) - 5 May 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E\nHACgjeWEt9Ja5qNdjhL5iwOp3JVtVic=\n=EvRT\n-----END PGP SIGNATURE-----\n. This\nissue did not affect Debian 4.0 \"etch\". This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed. (CVE-2009-1891)\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny4. \n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch9. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.11-7. \n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages. \n\nUpdated packages for the s390 and mipsel architectures are not\nincluded yet. They will be released as soon as they become available. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.diff.gz\n Size/MD5 checksum: 127065 2705ba251cdd2e979ce85099b4548848\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.dsc\n Size/MD5 checksum: 1068 5090ccfce8dc2e193a0200a5046fc0c2\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.diff.gz\n Size/MD5 checksum: 12705 7327720850092af23dae939c8b6e0268\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz\n Size/MD5 checksum: 29071 63daaf8812777aacfd5a31ead4ff0061\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.dsc\n Size/MD5 checksum: 676 3823620d6958a99e0d9bf8d54172071e\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 6666600 863bd8f5274dcca2b348ddfb455f1e98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 274258 632e77496c06ac55702187083210c5bd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 2243400 3c97cd0ed50e13730082455509ccf2ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9_all.deb\n Size/MD5 checksum: 41428 765f1df6239124b257a17373ec12a25c\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_alpha.deb\n Size/MD5 checksum: 184750 a5ab12e5997c22cc5384f4dd57039bf0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 406786 9327ff1f134980e38e8af0a9bd333744\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 345748 e6aa3a131e39ea0da098cd68e769ca7b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 407410 1f8fa482173f33fbf635c4d4b622d6dd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 449496 f4bb6824e49f741d853b80c6cd1c34be\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 444670 26e6f91f3f21c9c3ce178abff526f8d6\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 1016848 234579bc27e5372455df962ae77da5ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_alpha.deb\n Size/MD5 checksum: 450004 8d41f42126489a657627549f3fd03236\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 408082 af95e2d0f5daba30588d20bee6ea1374\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 408766 8769e1922010d061afd64b917bf9ebfb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 436036 83d55a3ec28d1d2954d5c524ace972ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 999314 86e7fb785110434ba47a93ad08dfbb46\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 432016 34bea3d8a903690047c0ce17dff9d0a8\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_amd64.deb\n Size/MD5 checksum: 172540 7e6a45df8e195f3871b1d5f333a832d7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 341900 59846089ce413189c2a999b46ff9022c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_amd64.deb\n Size/MD5 checksum: 436510 c697b045a1b6643f4aca8f75b6019688\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 346122 69dc7042a32293cf61c6a037a0defcf2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 966476 cfe3ffb085393e3ed0d4c58a078b21c2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 422504 19091c57d38578606c074f637f5b9b77\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 421738 91f192b72202b0266f64e418c6ecf419\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 411030 5be3b5b0a332a274f16ac9fcfbfed59c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 411766 84009ab4d2335289437a721b2828f66e\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_arm.deb\n Size/MD5 checksum: 157456 c025f46f6df32cc58eb44c1fe43a0b95\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_arm.deb\n Size/MD5 checksum: 418168 90253c45e4e2ddd858144f0df7083881\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 443192 062ef8c245a4d94bff4ffaa7de4e80bc\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 1078368 3796cc564424fa9302f59ecdfb609e07\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 351892 a140b65fb1cd39922347fa9c3bfd3378\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 439772 d654376818ab21c08354d91354f774e4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 410632 a287c471fe93b308f6b11262cd7a9f5a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 409756 41555f1eb2b8a1f506b72521a45da883\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_hppa.deb\n Size/MD5 checksum: 443650 e1ce0eaf55fb5f75061ec379d86ed00f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_hppa.deb\n Size/MD5 checksum: 179276 41098929aec66df2eb6aff15c65d185b\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 423714 80ff91b5681b3b65b9f82510b78995d8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 342508 473c50b8e3b3ff72f61fd2773ad0a5ec\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 419898 3efc018978b3f6879d4e17cd870da7c6\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 962488 9f79ca5450eb153eeb77d0ccdf63af53\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 424256 f7df4f2e8308b37945d6c9350fb68059\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_i386.deb\n Size/MD5 checksum: 160954 7bced5cbbed7133d3e7792b0aa40673c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 410094 c973180a87c19636cc18823d872eaaf5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_i386.deb\n Size/MD5 checksum: 409096 aca126fc936879a914786d64b39582f1\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_ia64.deb\n Size/MD5 checksum: 231658 8588ce0e7b8f4ac4a486c3ee1f7e3f98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 407390 c0070cc353345e43208362eb4b59fde2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 490872 0e1504ba3f45642856d2fa0b961f8700\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 1203918 a0f6cbde5068600b39a1ecd4ec6a5b47\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 497934 5c8cd8e03d196f3bf950c11c48c4ee8b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 360406 db46e71e165212b10d2fbda1a606cd98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 497114 289213d2c49b217caf6a35d69f63e1e7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_ia64.deb\n Size/MD5 checksum: 406772 84111944453e85d3abf713ae51826439\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_mips.deb\n Size/MD5 checksum: 170220 026044026baf1ce8467698a2a73aa5ab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 407938 b64b7c8cbc89b5a53ec2aaa58afec391\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 433466 cbb48f0d929ce882c39d76966ba70193\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 434190 ce951039761e140b5886fe57a255fa44\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 348326 a718aad2980aa88aacd1d521c41de077\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 409050 d35c3c4676678eb03b9661484051b391\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 976346 6a45c13a7402ec443a17760e26483bf8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_mips.deb\n Size/MD5 checksum: 429286 1bd2eed2169f0de38f651821aaa3da3b\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 432192 906d504de8f20bc6c8ad1469a837e195\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 406780 1e83caee969de1766eb5fc6067e76696\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 427394 8a6ca2bdba868fdebeee23dda1f72701\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 431602 90b2195a707a5b67745eabef4c2a8768\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 1035070 0c620f29ceab742f65dad5eaf1d9d4f4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 353950 a0ba6038b988595e5a23dd1fb7639c4c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_powerpc.deb\n Size/MD5 checksum: 407402 f0288619d689fc7dcf60860a4f36a933\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_powerpc.deb\n Size/MD5 checksum: 167642 c30002dbdc362dd5467146d1937dea53\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 418730 48e4d2f03309d7b24e3cde05a5b71a21\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 408606 1578768e504d10048c569485d9606289\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_sparc.deb\n Size/MD5 checksum: 157718 452a1e8f879fbc6d63a553d6baec602d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 343654 ac6444870699cc33ad7f961eed9398ce\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 422500 5a8ce79508be63aa69c4df345bb0cee0\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 959220 b771edecfb5c7813eca216bfe66a3898\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 422118 6565c943000320159110ac22dcd5f559\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_sparc.deb\n Size/MD5 checksum: 409490 c1a6eba5bc28035aa796688e47e5e4dc\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.dsc\n Size/MD5 checksum: 1164 307984cde328f4d612ab19f783850723\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.diff.gz\n Size/MD5 checksum: 13140 adfb807359e881c02f62c979a1f3728b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02.orig.tar.gz\n Size/MD5 checksum: 33295 1da861a142f8d0d2e2a5bfbc7c760199\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.diff.gz\n Size/MD5 checksum: 138623 e83f70e3fe9dc21e23b9e12e0e3509a2\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.dsc\n Size/MD5 checksum: 1673 3edbeef1b78cdcb238a1b156b1e15bb3\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny4_all.deb\n Size/MD5 checksum: 6734400 79b3f9d5db6aa727567fbe8465ff90d4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny4_all.deb\n Size/MD5 checksum: 2060300 196001254f77a940ad90c9b71a852e77\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4_all.deb\n Size/MD5 checksum: 44714 bc0ebb5a9da11e825827315a6899abfb\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 847834 aaf8837f7c08aca3d011376dcffc7e16\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 147370 dbb9268ff94f758a080b6e8a05a4bdf2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 261110 83e82a6a01480d834aa5339e24f5969a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 256066 96f6245fa6e4ed746ef8262233f503ad\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 208196 6ee84eaafd8eb561b9a439dcbb783236\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 261798 a1229304be029b88e4f5c398f91f4e40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 83944 8b74c4d4c39b5ac398710dab602337e2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 209246 bc34fe81b34a34e0dc9f7ead8de8fe1a\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_alpha.deb\n Size/MD5 checksum: 198092 4881bbe2b0e5b4f348877e7ea627ce52\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 2401116 319b1da984a7f71cc3c7a7a5ba49b867\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_alpha.deb\n Size/MD5 checksum: 82234 4c29b98521c49ac1ecbc8d6c011abdfa\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 144626 5d4768acfae476c402e6fc4691b4546e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 209292 67863fa88619fd577003df2aa7cce0e0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 82096 a98e3f9008a265b60353de3951e2e398\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 208304 57c865b54fb1cc86c4a8cfab227bc306\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 253304 074663f709a0bf0ee633455f80fee628\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 257894 6360df03503d90a3d3ce328b864e6f51\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 2461864 89f24f597409e1c28c269d480c73e3e4\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_amd64.deb\n Size/MD5 checksum: 195110 701e3f4e5f285547da2812995f2633c6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 257386 4d91795d2a2fad9cdf6b68339b4829b6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 83788 5316f2c34b8b48c4add784cc76753456\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_amd64.deb\n Size/MD5 checksum: 814092 20325906f84a4e8fe2d44facc5b6b5d3\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 2325038 1d76ab85e35d2cbba2f03e27a298e94c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 80888 86bf973a332a92a29382ee8a46a6c026\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 785978 52f17dbf1fee0cd55ee9009fdd4f0fd8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 223420 dff6ac226c23cf2a09203988d7a2b9f1\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_arm.deb\n Size/MD5 checksum: 161996 1a897301ece23202fcfa1237255fc4d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 82676 d9fbdef2dff08820870956f9657a58e6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 219532 71eacc1f45625b1df19e76d75e3ba3c6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 146788 ac12d8e6bdf36cb3dcdc25cb18e3e30a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 210508 a21d73a92f2afc9fe444e8605a17b217\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 224274 522c6f94729d2a1dee88587c915d519d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_arm.deb\n Size/MD5 checksum: 209360 e929d57bd87b4274b164957b1ddecd28\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 225576 b0dcffd0883f47503ccf734f18852ad0\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 801902 185f8929c05f1908bcaa8b860f389578\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 221418 c65a0ed2b6c24ca34b7b8eaf89b371d4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 2339212 8774ee70034af693ad839a1a32cb8349\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_armel.deb\n Size/MD5 checksum: 162788 1af310dc30900cb2351f0b72700f1b6a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 83420 d8880a371ce336eb07ecdb6560658a9d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 150670 d78e5498f0eef77186479e10bb91b6b1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 213296 2bab992f24e1772284062500f3574524\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 212144 216add040a936ef2981edc7d9561e114\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 81784 cac9e229181c8437b445bdfb8812c3c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_armel.deb\n Size/MD5 checksum: 225852 ae8ac07aacb889e9f3e6c59c8b511fcf\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_hppa.deb\n Size/MD5 checksum: 183160 f2b39550c5f7e82e489c912166d9979e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 152354 065c6e2360f9a561032ff001da648d4d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 83830 de830f6d2a404e47907eff31c8e500f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 82196 16539b99fc2144c8bcfcd7af8d0ab185\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 246170 7d2bc68a96df307fed56456b73f03b66\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 246644 3047579aa5229cd6015dbb1e4235bd5e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 888518 69936f2c0a47f50d1656d42a1f07be60\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 211744 a16842a731424f0da311c9ad06db1e6d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 2380288 cd896ebb2704567cb74f3d0ee7e0eb4d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 210730 716d95b564b12cf4a3a44d3b847d1718\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_hppa.deb\n Size/MD5 checksum: 241526 9e86d0c72e5c01770d5b9a403eea1931\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 2321656 ec028a4db5a43f4ed9ad5be64752d03a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 236982 db7f962144ad83c02e89cf774292288b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 81826 14dc03b9022352f6ca89cc18d5a0330e\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_i386.deb\n Size/MD5 checksum: 178820 b6a82b00259627a7f7fb593d9b011766\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 83576 1bada724cf9b6dd9f63c650467efeba9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 142984 a5f47b4e360f4dfb1af40edc0fd4b029\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 212226 962c9711427d4b3040f2682cc76ab86a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 240950 d071d125f52595d24d7ce27a700125b2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 782590 91c5374730252660a652998778f37d8d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 210906 c3f8cc33efaf94bb394269a70c71a0d1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_i386.deb\n Size/MD5 checksum: 240464 5354fbeaf0547f9a42bb15093325f549\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 311214 f283915f5e76d3cd640589d549a76a71\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 85302 ff6953155bfaf472969417b48b2551f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 1035884 aa5c4d97a05db590c5f3f2cf4d19c555\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 2316556 d26cb59c9177ec0e71a95ad856d4e051\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_ia64.deb\n Size/MD5 checksum: 246932 42ab72304a76a62f65836b6c60c73010\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 312166 f58ecace375bd6b35f1a4062748c5408\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 209228 559adca455e0ef1f204e96ac4fbe49ef\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 162262 ba2b1c266c3587a302212bf4f2ed240f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 208174 8c9fe75a24cde7114b2f7652537deecd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 83422 1779b4541944fa8a94a1dd33e4cbc609\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_ia64.deb\n Size/MD5 checksum: 304150 4a2c480a73e0ed79b46b05b58fe0fd61\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 83190 e093dfcad8021f25f7176da924459c6c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_mips.deb\n Size/MD5 checksum: 170822 294522178e939a92592d5d146b68cd9d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 233580 961e112fcdeacc251dee947f8f724aa8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 232924 52a97e65bdccc87e309a82234ab89dab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 149230 9708268be4f09ba11e5bb51179d928f2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 779762 d2c17dcc02d84293914bb3f4f6ab67d3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 228990 a141cf37d468e74442cbcd7012925e44\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 208192 33165f7a8cb46d7c296c248955128218\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 209244 b016214150d6ce9a7e43e64a851f5978\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 81522 1abe52816f5a0d8c00e3b2fb1879414f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_mips.deb\n Size/MD5 checksum: 2463130 344c79f122bab946da9fc39f9a8a4b36\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 257046 c952768064ed400bb2e1d9e27e4ba99a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 84070 e17bd8d31a36da03bef16415993e7e45\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 915634 53944e6d790f63ca816bf2136b79af3e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 208218 b9e3f2e66531d56bb570424353272102\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 82412 766b0d2515db8ffeb85dca4b484105f1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 160476 8d0ecf34f8000fd940c921a0b3d4e548\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 209268 cf420bf9a74835ea64697f91b87803c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 257776 b6177ff3288d6b330f88be5c66257fb0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 2495370 fd4dd820e677dc7e70c76e1fab8e92f6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_powerpc.deb\n Size/MD5 checksum: 252980 dc623a508aba2b5686b91b8dbaa960c8\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_powerpc.deb\n Size/MD5 checksum: 195282 f195b72bd2cb69fd34dad3e784789140\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 259520 fbaaf66f397575413ef453aa722144e8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 260108 2ae0ee8cc14adc7968258bd08a3e81ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 822996 d30704ff33a6aa78bbbd45a6f7ac0143\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 208180 38718b3016843e4c6143b42d3b305303\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 150432 c4efb820040316a31f1b101c52234ead\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 209230 7f38737a3435372a60be9bb1d55e28cb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 83810 b975c720b2dfef46c355d4c46fe11981\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 82046 9c1ef780cb0b791585ca092084672204\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 2405236 abbada7447e8b5870bf8a8bf88a63ef2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_s390.deb\n Size/MD5 checksum: 255468 ff853775f302788837c58af1e78992c6\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_sparc.deb\n Size/MD5 checksum: 177430 6fc629e355d1631ffb88b8614d9fea10\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 2230948 0139ae6fb585ca7299549ff59e5317b8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 210438 fe77b48974cfb980f1cbfd744cdab798\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 236456 2f7cf5cb7aa7eb2b40a914894c7aa883\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 83162 7c17c245241db944b85ca8972a19a785\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 240688 713eb6278ca62f82ed6837480fa278de\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 81388 b76095bbe6e716c35f6b1f2f76a35428\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 240168 6fa24064bf73b944fb41beea7b95f66e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 211722 92acf170832b8d56e67dbd0760459e47\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 147228 a166a6f2e75dbedd9e3795af1b1f34af\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_sparc.deb\n Size/MD5 checksum: 780484 cfec1976f87aee4535b0de9df3410127\n\n\n These files will probably be moved into the stable distribution on\n its next update. ===========================================================\nUbuntu Security Notice USN-802-1 July 13, 2009\napache2 vulnerabilities\nCVE-2009-1890, CVE-2009-1891\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.6\n apache2-mpm-perchild 2.0.55-4ubuntu2.6\n apache2-mpm-prefork 2.0.55-4ubuntu2.6\n apache2-mpm-worker 2.0.55-4ubuntu2.6\n libapr0 2.0.55-4ubuntu2.6\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.10\n apache2-mpm-perchild 2.2.8-1ubuntu0.10\n apache2-mpm-prefork 2.2.8-1ubuntu0.10\n apache2-mpm-worker 2.2.8-1ubuntu0.10\n apache2.2-common 2.2.8-1ubuntu0.10\n\nUbuntu 8.10:\n apache2-mpm-event 2.2.9-7ubuntu3.2\n apache2-mpm-prefork 2.2.9-7ubuntu3.2\n apache2-mpm-worker 2.2.9-7ubuntu3.2\n apache2.2-common 2.2.9-7ubuntu3.2\n\nUbuntu 9.04:\n apache2-mpm-event 2.2.11-2ubuntu2.2\n apache2-mpm-prefork 2.2.11-2ubuntu2.2\n apache2-mpm-worker 2.2.11-2ubuntu2.2\n apache2.2-common 2.2.11-2ubuntu2.2\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. A remote attacker\ncould exploit this and cause a denial of service via memory resource\nconsumption. (CVE-2009-1891)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.diff.gz\n Size/MD5: 125440 0835eafec701c6f327e82270dca754a1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.dsc\n Size/MD5: 1156 13cf43efabdc8e2180ade01709ff4063\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.6_all.deb\n Size/MD5: 2125302 f97b87210dc35e7cf1b4014d755f5cc2\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 833688 123cb5995bd422cf218db15691284ed2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 228978 33ea13f64f33acb69b73ad4c2fdfd9ff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 223958 e94df0f2fdcf8d0bf9e95d5149c58f73\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 228556 4e0c0d0ff7fc315c30250fb3d828cdfd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 172066 1f4106b81cc09f4bd78e066aef94201b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 172850 3b433ffaca5e5e36f7ebc2881fd7f1a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 94914 b872cbff9cda76856337a278dba5a9ca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 36956 f628faa804ed2c2b5525952fbd94d5ca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 286398 3ebb11712b0466f2c3d0b5243d1a0339\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_amd64.deb\n Size/MD5: 144970 a8e8615104349a395c695915079eab69\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 786908 1c3f456b2c87dcf5fd21c9e783f4d06d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 203576 772d6129a7ef92cf5887c25466fda11b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 199470 315e863b2ad6aa1b669e7914cebc38a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 203002 573f96a5d3787106c8d6007d8afb88f6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 172066 57fcc673853907cc24c432ef8b0f8e94\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 172834 85320d327250cf86fd6c48813384bdc0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 92862 d774e289f718d119dad6e765fd900679\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 36958 9b8758253a277d81c02b1c9fd50b8eba\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 262426 668cbde23862b43743e935ca8ff24e8a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_i386.deb\n Size/MD5: 132884 f0bbccb2fc0f96b88b124c6942b9d957\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 859782 b3d991a69f5703d9e1339eafd0b5df17\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 220946 098441a8af78db25aea174320ffcd409\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 216552 a381af581b41112ac975fca40bec02e6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 220496 0d5ff99a81d4581edca2effaf04f1473\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 172052 84e4b88525b4ce0923c898264dbfea5a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 172850 159e27770e6f51e03f5284ea7f5ca190\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 104626 e320d5a9527e39d1998f7212db15825e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 36960 cdb428ea696ff7e0aaa972041839aef2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 281970 80f4c670c5c142303b7da95ec7f86b25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_powerpc.deb\n Size/MD5: 142094 630a20d53c2ffe01b38c9c9e53badb37\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 804084 1025f38adde2a04a719393d5693dbd68\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 211136 73ae94138fb8b3e4dfbc1c9d5079a92c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 206806 431b7e7e3462e125d141ee9ec55a7825\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 210416 a2ce963e90818b3093d990f4632c4e8a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 172070 8335845d072dc411e8e670807dc7c604\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 172850 93e8d610d683005695699a153c40ce06\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 93966 87d7968cec960afde5f9996803ac8a8a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 36956 585634ecaa1af88b1d92ab48feed15f7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 268546 c2b2894973ed231bf0292100ca662ced\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_sparc.deb\n Size/MD5: 130872 f109c1fe224df9957a8837358365c750\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.diff.gz\n Size/MD5: 135972 a2c9442eec99007779a145e71ba68b30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.dsc\n Size/MD5: 1381 54f6072ce246ebc26a350fb53e5c99bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.10_all.deb\n Size/MD5: 1928676 7231ea6584bc9b64c87d84a2fd7e5d00\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.10_all.deb\n Size/MD5: 72560 abbc80191e059fce87c599f947b3b402\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.10_all.deb\n Size/MD5: 6256206 e50391cd977f7df987c13e17bb163f8f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10_all.deb\n Size/MD5: 45482 a40b40465c3f99f1dd15f8bc85d24b23\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 252722 95177119382131308fb3dcf98507a15c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 248352 20792be8ccf5b73e46ec4ca3f8c0726b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 252114 3a45c61b120d53327f52b101da77fe8f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 205226 1cdb16ee59e67550d536fc1ca2bf7576\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 205994 93adabf4102d299fb420a764a8cbfe33\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 141320 11fbd8d338da9da4fb2cfa47411e23b4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_amd64.deb\n Size/MD5: 803332 f31a349c870550a044ac939c4876ead3\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 235638 840b0a0bd4399a9799da6f42df7ccbb4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 231238 6a4d251375dc0f811f427ed3377ac0ab\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 234880 354e2a88b0dbc19a10a5294879a507b1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 205234 21900ec04423fb920197870e470b9aa7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 206016 8796b13fb273f61c6c7c4bfb9adbe6aa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 140294 ea6f40b6c12c27851a9f4f1e88aed544\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_i386.deb\n Size/MD5: 754978 2ba7c3f44c9a5ed197c932232dad4808\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 235176 6248fed01caabbfb4d70d0c13c7f17f5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 230866 95f247897f3bd77ea304dfd6c9dfd85c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 234344 987ff978cbacde11bc7353702973d125\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 205230 d7576f846491b2833c50f39cc1b0dc75\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 206002 0e1b63983e424122ed1d39826d76335c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 140878 ce996c6cb3ec3552302869ae2256b20e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_lpia.deb\n Size/MD5: 749176 d26c165846c36706ed1d7590a8be3f7b\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 253754 33add2865e4cd1c43a43895870454361\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 249222 538a952111c80146dd1887b556f7116b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 253320 ad19124a89163a1f1d2212a3ac67a3fc\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 205240 46728c8422948938f06a02677c2a5c77\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 206016 05d6ac042561eb4ea302c90540c64528\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 158034 051b060ed2dd44f5271401e4acc2b9b4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_powerpc.deb\n Size/MD5: 905448 a839a4301bca447e91e58174aebad9be\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 237026 7f91acb658058ba572cfc7d223e9968c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 232794 8af73b6967e695bfcbb900bf0423a366\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 236262 ca2efbd5beef24f97cc4e94f0d45e511\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 205236 11ce3c413997a7203a2b1ddf2c7b608c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 206016 0b11cbb82ae743d2300a5da249af99a7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 143500 00c0a815768281a1939510ecf16615bc\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_sparc.deb\n Size/MD5: 764418 f1356117d9a2825fc87cb91344704e03\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.diff.gz\n Size/MD5: 132027 05239552b7a95f91eef1d7606ef280c4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.dsc\n Size/MD5: 1788 423154f094b3f5629e698638d9505a01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.2_all.deb\n Size/MD5: 2041678 859eb46d09d45f53599d9d0a71f2fa89\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.2_all.deb\n Size/MD5: 6536854 e3572b1d683e4ee6967779dd07b637fd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2_all.deb\n Size/MD5: 45150 0ff7bf10b5bef6cf7258e6223f78736d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 254642 9f3bb3444753ace1ca55651c68924739\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 248846 00267b5ab16a55aed008578fbdb24bed\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 254018 81085b6d61faeb846e94b1a3bf8eb6a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 208170 8e360619ff15112e636aaedc0340f1ee\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 84142 3eaf3d803d582d3eb6fb29a79251df69\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 82494 8f293a595f34d6710adb931d5dbcaf0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 209220 73d2d91d313b951f643bf413467c4e5a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 147398 8a772d1dfdb49bae605bd7dee3f9f436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_amd64.deb\n Size/MD5: 819864 42aeca74c2ee5d0f5a5a4e10037ece11\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 240962 6427fbd76596cbe52029e6ed5a7da703\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 235678 5155e38f8137c85b9c229b4eafa144e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 240298 9f4f26b4d98d8707e15b6b7d02430e5e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 208190 f68c7d60a09d53af6a8c8640b05e4ad9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 83572 dd5d339c3e3af404aa3ffd0904ec6c7c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 81968 7c7775dc8c89c4f7aec5f8c8a5f26e60\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 209236 079855f2fdc6843758bcad41421a46ea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 146240 0b7ff0f038c7c40d84a1f342a1bbefca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_i386.deb\n Size/MD5: 778084 226ed90dc2ba09af3a38dcc40b38d834\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 237982 7c7a5daf494862704d28d5c85d6c31cc\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 232612 96ea385cf513d314d8e84a4c442cc234\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 237230 4003bab7bbb427b1e9ec0e6d97c3e69b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 208176 af28e327890eaddff4108231268eee6e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 83530 4725b6872ac3ac9ad1ae62ba03592964\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 81950 adf39a429f5c04b6a5976c0b5ff30cd4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 209232 477e0f43b36e9961c13b6c0fab7a0dc1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 145928 6089cb1b3efa73128a00a237165076ea\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_lpia.deb\n Size/MD5: 766230 f876845ac3aae12ef2e0f36996531ef0\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 261150 afc86ac304cdc5af1550d346a8f8a3f9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 255750 b301c6b3f3b4ae21e5ef5cb7ffb56683\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 260470 4c333c87af3a087faeec0da6a282295b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 208184 94332d103f410b07c99d2f849e108ec6\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 84210 edb9eb638c12753a58a5d582ecaa60fa\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 82556 356606fd10fe199eda49ba3258de85e4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 209232 0691c4dd34cb05a93799caa9929104d4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 160676 43a1b64573dd41946dec05b7afeeccf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_powerpc.deb\n Size/MD5: 925826 7a95a689bc4e8a0462e9d8e43ac88f5d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 246372 db9d10ebc566f9f50210670fc8882819\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 240922 2b5b20a703e7f5d8fbc50fb1ee0b40f4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 245692 76832085d1b4ffd02948c9ac7b92b54e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 208196 f6355dfafe95b8915593d514d6ec4cdc\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 83754 2aa37c091a042bd92eea616af4eaa13d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 82126 dae25ab8ca9612b725ea89fb22cee433\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 209240 a93acaff6c5151aeddbbdeb335a1c8da\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 150576 43675606769e8ea6cbc172bbdf31ea09\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_sparc.deb\n Size/MD5: 783584 323183add2eaf6e1360c9eefcf0d5f8a\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.diff.gz\n Size/MD5: 135188 d64295fbf395fedc32558e37c89dd582\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.dsc\n Size/MD5: 1795 45bf7dad8a81012c187e219c6c863c9d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.2_all.deb\n Size/MD5: 2218918 e157363876dbb978176c6ba59dc01d61\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2_all.deb\n Size/MD5: 46278 58851aa10579254cdb4d9f89e8b597c5\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.2_all.deb\n Size/MD5: 6946286 067a7635b8627b031b9eb9cf0cc847bf\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 258646 7446874f9db13dea5da20f225024f477\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 252848 823147209be87ff9322c276a8e2beace\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 258024 6bfdbf469c0b0ba45e543bf7688ac5ee\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 212932 aeeb0ccb1f8e72a15aaf08450a056c1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 213906 8621b4d1d85ab19f154a86ec465fa316\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 150776 f7def056c536f9b1a329a3b6fef43b7f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 826672 e18163156730829c91161191ee00b340\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 87442 39f0e4aaf42e4bb049da17f26a0d9c25\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_amd64.deb\n Size/MD5: 85730 a11a39f7102937e5d00b03190ff42a60\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 245132 c7202ff8f066903e207ebff93557644a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 239670 18279b3faf8344f9e7f903862114c998\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 244518 c24b66a4a61c2af8edf32b10867cf958\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 212922 a009d9ba9486ba53a3441ca2a48bc9d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 213898 6e26de281d137dfab7dbc700ca1f7eb5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 149678 d4499d622b98d7a9ed3a1b700f954e95\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 783924 45fbb8ab4bfa3297b0e04231677f86a1\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 86818 9d01aae1849d4ccc93c64e7640912b64\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_i386.deb\n Size/MD5: 85222 0a3f70a6697f945a1acec0629edd8586\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 242014 0b9676d42353eae308b923ac2c2172d7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 236570 d42595dd3d5229a7db2f4a6b3047a372\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 241440 3cfa67183c677cc44fc9f0354231978b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 212924 83433f6847c191927c8bb5234339416a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 213902 4be2d9e80eabaea30169e3fa39ebe3d8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 149396 20350717c1cebdf372f0d11d09374852\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 773130 cbed31d2962a5e0c77a400434f9b7ff4\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 86764 6a9b7a0a9015044fff19ff9bf479fbc3\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_lpia.deb\n Size/MD5: 85188 2d685381871858d3c685da5a2b44f0f7\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 265094 41f064e2daa4ddaf422bcd5013163c11\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 260042 f60b2311f40da9c254fc7583a6a4215a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 264720 80ba36d44ae08be1f5593b9d60c873e9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 212934 a35fed013193cf2d0c021baaac793a13\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 213912 d6f400db5f98bb345b063b5a191735fc\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 164086 36c7ab8da76606f2a1fa12328cd35123\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 932026 9a66083f7211f75a083c20a94efebf12\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 87516 8a913c9fd0b3f6e7c71cfb6ce6345702\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_powerpc.deb\n Size/MD5: 85794 c74337f58c4bad32e2ca1349a182696a\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 250414 dd2f00b98a1089c03950010ee4feacdc\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 244704 9748c6a30dd03d7a94b7ee0e5cbbf37c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 249756 68a0607bb1d915a1da034f3ecda6e492\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 212924 03ceb43c9e4494db9ce8e2375edadd5b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 213900 c17c6bdc630a6229922c969f94988c32\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 153928 0109fff49b9f806f9de07f2fbac15945\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 788928 11998be7f1d0a6f1952646df23936645\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 87010 a87263816f682082b234a7b3421b3729\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_sparc.deb\n Size/MD5: 85318 a17451cf2fa5597b4bb6abb2145f2a55\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1891"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
},
{
"db": "BID",
"id": "35623"
},
{
"db": "VULMON",
"id": "CVE-2009-1891"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "79108"
},
{
"db": "PACKETSTORM",
"id": "79738"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "79042"
},
{
"db": "PACKETSTORM",
"id": "79283"
},
{
"db": "PACKETSTORM",
"id": "79142"
}
],
"trust": 2.61
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-1891",
"trust": 3.5
},
{
"db": "SECUNIA",
"id": "35793",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "35781",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2009-1841",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "55782",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1022529",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "37152",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35865",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37221",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35721",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3184",
"trust": 1.7
},
{
"db": "BID",
"id": "35623",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2009-1891",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79042",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79283",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79142",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1891"
},
{
"db": "BID",
"id": "35623"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "79108"
},
{
"db": "PACKETSTORM",
"id": "79738"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "79042"
},
{
"db": "PACKETSTORM",
"id": "79283"
},
{
"db": "PACKETSTORM",
"id": "79142"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
},
{
"db": "NVD",
"id": "CVE-2009-1891"
}
]
},
"id": "VAR-200907-0693",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.17203079500000001
},
"last_update_date": "2026-04-10T22:08:43.165000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 2.0.64",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
},
{
"title": "Fixed in Apache httpd 2.2.12",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.12"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3937"
},
{
"title": "HT3937",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3937?viewlocale=ja_JP"
},
{
"title": "httpd-2.2.3-22.2.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=453"
},
{
"title": "HPUXWSATW313",
"trust": 0.8,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313"
},
{
"title": "HPSBUX02612",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02579879"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
},
{
"title": "PM10658",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
},
{
"title": "PK91361",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361\u0026loc=en_US"
},
{
"title": "7014506",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506#7007"
},
{
"title": "7006876",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239"
},
{
"title": "7014463",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7007"
},
{
"title": "4023947",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24023947"
},
{
"title": "7007033",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
},
{
"title": "7007951",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
},
{
"title": "1820",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1820"
},
{
"title": "1761",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1761"
},
{
"title": "RHSA-2009:1205",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1205.html"
},
{
"title": "RHSA-2009:1580",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1580.html"
},
{
"title": "RHSA-2009:1156",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1156.html"
},
{
"title": "RHSA-2009:1148",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html"
},
{
"title": "multiple_vulnerabilities_in_the_apache",
"trust": 0.8,
"url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_the_apache"
},
{
"title": "TLSA-2009-21",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-21j.txt"
},
{
"title": "TLSA-2009-30",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt"
},
{
"title": "RHSA-2009:1580",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1580J.html"
},
{
"title": "RHSA-2009:1148",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1148J.html"
},
{
"title": "RHSA-2009:1205",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1205J.html"
},
{
"title": "interstage_as_201103",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201103.html"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091148 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091155 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-802-1"
},
{
"title": "Debian CVElist Bug Report Logs: apache2: CVE-2009-1890 denial-of-service vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=27a7857086782f39f384e64ef1dfc6c9"
},
{
"title": "Debian CVElist Bug Report Logs: apache2.2-common: DOS possible with mod_deflate",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=45d0900970e283827439fe57bcc6422e"
},
{
"title": "Ubuntu Security Notice: apache2 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-802-2"
},
{
"title": "Debian Security Advisories: DSA-1834-1 apache2 -- denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=f2b1dcd1a5ecefb05e999469ada4023a"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a36c9e7334a243cf3d9e15331467e21c"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2009-1891 "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/DButter/whitehat_public "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1891"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
},
{
"db": "NVD",
"id": "CVE-2009-1891"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1022529"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/35781"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/35793"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/1841"
},
{
"trust": 2.5,
"url": "http://osvdb.org/55782"
},
{
"trust": 2.0,
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:149"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"trust": 1.7,
"url": "https://rhn.redhat.com/errata/rhsa-2009-1148.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35865"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2009/dsa-1834"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2009-1156.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35721"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-802-1"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg01363.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37152"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3937"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk91361"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37221"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk99480"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/wiki/advisories:rpsa-2009-0142"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0142"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9248"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8632"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12361"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=apache-httpd-dev\u0026m=124661528519546\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=apache-httpd-dev\u0026m=124621326524824\u0026w=2"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/bid/35623"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1891"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd-dev\u0026m=124621326524824\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
},
{
"trust": 0.6,
"url": "httpd-dev\u0026m=124661528519546\u0026w=2"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=791454"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100071565"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201103e.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2009-1160.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.3,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1191"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2009-1891"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2009:1148"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/802-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20215"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch9_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch9_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch9_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9_all.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.10_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.10_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.10_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.10.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.10_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.10_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.2_i386.deb"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1891"
},
{
"db": "BID",
"id": "35623"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "79108"
},
{
"db": "PACKETSTORM",
"id": "79738"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "79042"
},
{
"db": "PACKETSTORM",
"id": "79283"
},
{
"db": "PACKETSTORM",
"id": "79142"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
},
{
"db": "NVD",
"id": "CVE-2009-1891"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2009-1891",
"ident": null
},
{
"db": "BID",
"id": "35623",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83521",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "79108",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "79738",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "79042",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "79283",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "79142",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001892",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-1891",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-07-10T00:00:00",
"db": "VULMON",
"id": "CVE-2009-1891",
"ident": null
},
{
"date": "2009-07-06T00:00:00",
"db": "BID",
"id": "35623",
"ident": null
},
{
"date": "2009-12-07T21:57:59",
"db": "PACKETSTORM",
"id": "83521",
"ident": null
},
{
"date": "2009-07-13T15:46:56",
"db": "PACKETSTORM",
"id": "79108",
"ident": null
},
{
"date": "2009-07-28T22:40:34",
"db": "PACKETSTORM",
"id": "79738",
"ident": null
},
{
"date": "2011-05-10T00:45:11",
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"date": "2009-07-09T18:00:52",
"db": "PACKETSTORM",
"id": "79042",
"ident": null
},
{
"date": "2009-07-16T21:19:17",
"db": "PACKETSTORM",
"id": "79283",
"ident": null
},
{
"date": "2009-07-13T21:16:00",
"db": "PACKETSTORM",
"id": "79142",
"ident": null
},
{
"date": "2009-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-157",
"ident": null
},
{
"date": "2009-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001892",
"ident": null
},
{
"date": "2009-07-10T15:30:00.187000",
"db": "NVD",
"id": "CVE-2009-1891",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2009-1891",
"ident": null
},
{
"date": "2015-05-07T17:17:00",
"db": "BID",
"id": "35623",
"ident": null
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200907-157",
"ident": null
},
{
"date": "2011-11-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001892",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-1891",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "79738"
},
{
"db": "PACKETSTORM",
"id": "79042"
},
{
"db": "PACKETSTORM",
"id": "79283"
},
{
"db": "PACKETSTORM",
"id": "79142"
},
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "Apache httpd of mod_deflate Service disruption in modules (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001892"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200907-157"
}
],
"trust": 0.6
}
}
VAR-200711-0538
Vulnerability from variot - Updated: 2026-04-10 22:03Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. In order to use this problem to perform cross-site scripting attacks, the attacker is malicious to the user. HTTP It is reported as a prerequisite to have the method submitted. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Gentoo Linux Security Advisory GLSA 200803-19
http://security.gentoo.org/
Severity: Normal Title: Apache: Multiple vulnerabilities Date: March 11, 2008 Bugs: #201163, #204410, #205195, #209899 ID: 200803-19
Synopsis
Multiple vulnerabilities have been discovered in Apache.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.8 >= 2.2.8
Description
Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456).
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.8"
References
[ 1 ] CVE-2007-6203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203 [ 2 ] CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 [ 3 ] CVE-2008-0005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 [ 4 ] CVE-2008-0455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455 [ 5 ] CVE-2008-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-19.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. =========================================================== Ubuntu Security Notice USN-731-1 March 10, 2009 apache2 vulnerabilities CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.4 apache2-mpm-perchild 2.0.55-4ubuntu2.4 apache2-mpm-prefork 2.0.55-4ubuntu2.4 apache2-mpm-worker 2.0.55-4ubuntu2.4
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.2 apache2-mpm-perchild 2.2.4-3ubuntu0.2 apache2-mpm-prefork 2.2.4-3ubuntu0.2 apache2-mpm-worker 2.2.4-3ubuntu0.2 apache2.2-common 2.2.4-3ubuntu0.2
Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.4 apache2-mpm-perchild 2.2.8-1ubuntu0.4 apache2-mpm-prefork 2.2.8-1ubuntu0.4 apache2-mpm-worker 2.2.8-1ubuntu0.4 apache2.2-common 2.2.8-1ubuntu0.4
In general, a standard system upgrade is sufficient to effect the necessary changes. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203)
It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)
It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678)
It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168)
It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364)
It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz
Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc
Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb
Size/MD5: 2124948 5153435633998e4190b54eb101afd271
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb
Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 786528 353ed1839a8201d0211ede114565e60d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 199114 6a77314579722ca085726e4220be4e9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 92520 787a673994d746b4ad3788c16516832a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb
Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb
Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 803706 f14be1535acf528f89d301c8ec092015
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 211028 28b74d86e10301276cadef208b460658
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 268178 5a853d01127853405a677c53dc2bf254
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb
Size/MD5: 130456 a0a51bb9405224948b88903779347427
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz
Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc
Size/MD5: 1333 b028e602b998a666681d1aa73b980c06
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb
Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb
Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb
Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 410674 684ad4367bc9250468351b5807dee424
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 411258 17f53e8d3898607ce155dc333237690c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb
Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 367392 612ddcebee145f765163a0b30124393a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb
Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 410676 cf7bed097f63e3c24337813621866498
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 411252 5a30177f7039f52783576e126cf042d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb
Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz
Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc
Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb
Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb
Size/MD5: 801764 3759103e3417d44bea8866399ba34a66
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 139904 b503316d420ccb7efae5082368b95e01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb
Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb
Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb
Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb
Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01905287 Version: 1
HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-10-21 Last Updated: 2009-10-21
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
References: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location:
URL http://software.hp.com
Note: HP-UX Web Server Suite v3.06 contains HP-UX Apache-based Web Server v2.2.8.05 Note: HP-UX Web Server Suite v2.27 contains HP-UX Apache-based Web Server v2.0.59.12
Web Server Suite Version HP-UX Release Depot name
Web Server v3.06 B.11.23 and B.11.31 PA-32 HPUX22SATW-1123-32.depot
Web Server v3.06 B.11.23 and B.11.31 IA-64 HPUX22SATW-1123-64.depot
Web Server v2.27 B.11.11 PA-32 HPUXSATW-1111-64-32.depot
Web Server v2.27 B.11.23 PA-32 and IA-64 HPUXWSATW-1123-64-bit.depot
Web Server v2.27 B.11.31 IA-32 and IA-64 HPUXSATW-1131-64.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server from the Apache Web Server Suite v2.27 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.06 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Web Server Suite before v3.06 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.05 or subsequent
HP-UX B.11.31
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.05 or subsequent
For Web Server Suite before v2.27 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent
HP-UX B.11.23
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent
HP-UX B.11.31
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 21 October 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkrguYgACgkQ4B86/C0qfVliOACWIZufVcaJyE/ap8OAmQqT87S7 hQCeKCPftsEV+4JPzQKz4B+EnYzQsJ0= =TAoy -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.57"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.1.7"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.62"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.7"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2.27"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1.0.15"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"_id": null,
"model": "turbolinux fuji",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux multimedia",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux personal",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise edition"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard edition"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard edition version 4"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web edition"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web edition version 4"
},
{
"_id": null,
"model": "web server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker resource coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.13"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "novell linux desktop sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.19"
},
{
"_id": null,
"model": "hardware management console for pseries r1.3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "hardware management console for iseries r1.3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.7"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.12"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.27"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.23"
},
{
"_id": null,
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
}
],
"sources": [
{
"db": "BID",
"id": "26663"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
},
{
"db": "NVD",
"id": "CVE-2007-6203"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_multimedia",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_personal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
}
]
},
"credits": {
"_id": null,
"data": "Amit Klein Amit.Klein@SanctumInc.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6203",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-6203",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6203",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-6203",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-012",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-6203",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6203"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
},
{
"db": "NVD",
"id": "CVE-2007-6203"
}
]
},
"description": {
"_id": null,
"data": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. In order to use this problem to perform cross-site scripting attacks, the attacker is malicious to the user. HTTP It is reported as a prerequisite to have the method submitted. \nAn attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. \nApache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200803-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache: Multiple vulnerabilities\n Date: March 11, 2008\n Bugs: #201163, #204410, #205195, #209899\n ID: 200803-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Apache. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.8 \u003e= 2.2.8\n\nDescription\n===========\n\nAdrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method\nspecifier header is not properly sanitized when the HTTP return code is\n\"413 Request Entity too large\" (CVE-2007-6203). The mod_proxy_balancer\nmodule does not properly check the balancer name before using it\n(CVE-2007-6422). The mod_proxy_ftp does not define a charset in its\nanswers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported\nthat filenames are not properly sanitized within the mod_negociation\nmodule (CVE-2008-0455, CVE-2008-0456). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.8\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-6203\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203\n [ 2 ] CVE-2007-6422\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422\n [ 3 ] CVE-2008-0005\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n [ 4 ] CVE-2008-0455\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455\n [ 5 ] CVE-2008-0456\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200803-19.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. ===========================================================\nUbuntu Security Notice USN-731-1 March 10, 2009\napache2 vulnerabilities\nCVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168,\nCVE-2008-2364, CVE-2008-2939\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 7.10\nUbuntu 8.04 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.4\n apache2-mpm-perchild 2.0.55-4ubuntu2.4\n apache2-mpm-prefork 2.0.55-4ubuntu2.4\n apache2-mpm-worker 2.0.55-4ubuntu2.4\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.2\n apache2-mpm-perchild 2.2.4-3ubuntu0.2\n apache2-mpm-prefork 2.2.4-3ubuntu0.2\n apache2-mpm-worker 2.2.4-3ubuntu0.2\n apache2.2-common 2.2.4-3ubuntu0.2\n\nUbuntu 8.04 LTS:\n apache2-mpm-event 2.2.8-1ubuntu0.4\n apache2-mpm-perchild 2.2.8-1ubuntu0.4\n apache2-mpm-prefork 2.2.8-1ubuntu0.4\n apache2-mpm-worker 2.2.8-1ubuntu0.4\n apache2.2-common 2.2.8-1ubuntu0.4\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. With cross-site scripting vulnerabilities, if a user were tricked into\nviewing server output during a crafted server request, a remote attacker could\nexploit this to modify the contents, or steal confidential data (such as\npasswords), within the same domain. This issue only affected Ubuntu 6.06 LTS and\n7.10. (CVE-2007-6203)\n\nIt was discovered that Apache was vulnerable to a cross-site request forgery\n(CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator\nwere tricked into clicking a link on a specially crafted web page, an attacker\ncould trigger commands that could modify the balancer manager configuration. \nThis issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420)\n\nIt was discovered that Apache had a memory leak when using mod_ssl with\ncompression. A remote attacker could exploit this to exhaust server memory,\nleading to a denial of service. This issue only affected Ubuntu 7.10. \n(CVE-2008-1678)\n\nIt was discovered that in certain conditions, Apache did not specify a default\ncharacter set when returning certain error messages containing UTF-7 encoded\ndata, which could result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. This issue only affected Ubuntu 6.06 LTS and\n7.10. (CVE-2008-2168)\n\nIt was discovered that when configured as a proxy server, Apache did not limit\nthe number of forwarded interim responses. A malicious remote server could send\na large number of interim responses and cause a denial of service via memory\nexhaustion. (CVE-2008-2364)\n\nIt was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when\nthey are returned in directory listings, which could result in browsers becoming\nvulnerable to cross-site scripting attacks when processing the output. \n(CVE-2008-2939)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz\n Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc\n Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb\n Size/MD5: 2124948 5153435633998e4190b54eb101afd271\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb\n Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 786528 353ed1839a8201d0211ede114565e60d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 199114 6a77314579722ca085726e4220be4e9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 92520 787a673994d746b4ad3788c16516832a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb\n Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb\n Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 803706 f14be1535acf528f89d301c8ec092015\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 211028 28b74d86e10301276cadef208b460658\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 268178 5a853d01127853405a677c53dc2bf254\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb\n Size/MD5: 130456 a0a51bb9405224948b88903779347427\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz\n Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc\n Size/MD5: 1333 b028e602b998a666681d1aa73b980c06\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb\n Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb\n Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb\n Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 410674 684ad4367bc9250468351b5807dee424\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 411258 17f53e8d3898607ce155dc333237690c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb\n Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 367392 612ddcebee145f765163a0b30124393a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb\n Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 410676 cf7bed097f63e3c24337813621866498\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 411252 5a30177f7039f52783576e126cf042d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb\n Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz\n Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc\n Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb\n Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb\n Size/MD5: 801764 3759103e3417d44bea8866399ba34a66\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 139904 b503316d420ccb7efae5082368b95e01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb\n Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb\n Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb\n Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb\n Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01905287\nVersion: 1\n\nHPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-10-21\nLast Updated: 2009-10-21\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. \n\nReferences: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. \nHP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05\nHP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\nCVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location:\n\nURL http://software.hp.com\n\nNote: HP-UX Web Server Suite v3.06 contains HP-UX Apache-based Web Server v2.2.8.05\nNote: HP-UX Web Server Suite v2.27 contains HP-UX Apache-based Web Server v2.0.59.12\n\nWeb Server Suite Version\n HP-UX Release\n Depot name\n\nWeb Server v3.06\n B.11.23 and B.11.31 PA-32\n HPUX22SATW-1123-32.depot\n\nWeb Server v3.06\n B.11.23 and B.11.31 IA-64\n HPUX22SATW-1123-64.depot\n\nWeb Server v2.27\n B.11.11 PA-32\n HPUXSATW-1111-64-32.depot\n\nWeb Server v2.27\n B.11.23 PA-32 and IA-64\n HPUXWSATW-1123-64-bit.depot\n\nWeb Server v2.27\n B.11.31 IA-32 and IA-64\n HPUXSATW-1131-64.depot\n\nMANUAL ACTIONS: Yes - Update\n\nInstall Apache-based Web Server from the Apache Web Server Suite v2.27 or subsequent\nor\nInstall Apache-based Web Server from the Apache Web Server Suite v3.06 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nFor Web Server Suite before v3.06\nHP-UX B.11.23\n==================\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\naction: install revision B.2.2.8.05 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.8.05 or subsequent\n\nFor Web Server Suite before v2.27\nHP-UX B.11.11\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.12 or subsequent\n\nHP-UX B.11.23\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.12 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxwsAPACHE.APACHE\nhpuxwsAPACHE.APACHE2\nhpuxwsAPACHE.AUTH_LDAP\nhpuxwsAPACHE.AUTH_LDAP2\nhpuxwsAPACHE.MOD_JK\nhpuxwsAPACHE.MOD_JK2\nhpuxwsAPACHE.MOD_PERL\nhpuxwsAPACHE.MOD_PERL2\nhpuxwsAPACHE.PHP\nhpuxwsAPACHE.PHP2\nhpuxwsAPACHE.WEBPROXY\naction: install revision B.2.0.59.12 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 21 October 2009 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niEUEARECAAYFAkrguYgACgkQ4B86/C0qfVliOACWIZufVcaJyE/ap8OAmQqT87S7\nhQCeKCPftsEV+4JPzQKz4B+EnYzQsJ0=\n=TAoy\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6203"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
},
{
"db": "BID",
"id": "26663"
},
{
"db": "VULMON",
"id": "CVE-2007-6203"
},
{
"db": "PACKETSTORM",
"id": "96536"
},
{
"db": "PACKETSTORM",
"id": "64520"
},
{
"db": "PACKETSTORM",
"id": "75604"
},
{
"db": "PACKETSTORM",
"id": "82164"
}
],
"trust": 2.34
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=30835",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6203"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-6203",
"trust": 3.2
},
{
"db": "BID",
"id": "26663",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "27906",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1019030",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "29348",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33105",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30356",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29640",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28196",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30732",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34219",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3411",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4301",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1875",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1623",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4060",
"trust": 1.7
},
{
"db": "XF",
"id": "38800",
"trust": 1.4
},
{
"db": "USCERT",
"id": "TA08-079A",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA08-079A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017",
"trust": 0.8
},
{
"db": "GENTOO",
"id": "GLSA-200803-19",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT090192",
"trust": 0.6
},
{
"db": "SUSE",
"id": "SUSE-SA:2008:021",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071130 PR07-37: XSS ON APACHE HTTP SERVER 413 ERROR PAGES VIA MALFORMED HTTP METHOD",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "PK65782",
"trust": 0.6
},
{
"db": "AIXAPAR",
"id": "PK57952",
"trust": 0.6
},
{
"db": "UBUNTU",
"id": "USN-731-1",
"trust": 0.6
},
{
"db": "XF",
"id": "413",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-03-18",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "30835",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-6203",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "96536",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64520",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75604",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82164",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6203"
},
{
"db": "BID",
"id": "26663"
},
{
"db": "PACKETSTORM",
"id": "96536"
},
{
"db": "PACKETSTORM",
"id": "64520"
},
{
"db": "PACKETSTORM",
"id": "75604"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
},
{
"db": "NVD",
"id": "CVE-2007-6203"
}
]
},
"id": "VAR-200711-0538",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-04-10T22:03:36.333000Z",
"patch": {
"_id": null,
"data": [
{
"title": "httpd-2.3",
"trust": 0.8,
"url": "http://httpd.apache.org/dev/devnotes.html"
},
{
"title": "600645",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=600645"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307562-en"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307562-ja"
},
{
"title": "Changes with Apache 2.0.62",
"trust": 0.8,
"url": "http://www.apache.org/dist/httpd/CHANGES_2.0.63"
},
{
"title": "Changes with Apache 2.2.7",
"trust": 0.8,
"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.8"
},
{
"title": "HS08-004",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-004/index.html"
},
{
"title": "HPSBUX02612",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02579879"
},
{
"title": "HPSBUX02465",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01905287"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61015"
},
{
"title": " PK65782",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK65782"
},
{
"title": "PK57952",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
},
{
"title": "4019245",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"title": "1266",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1266"
},
{
"title": "TLSA-2008-24",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2008/TLSA-2008-24j.txt"
},
{
"title": "HS08-004",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security/vuls/HS08-004/index.html"
},
{
"title": "interstage_as_200807",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200807.html"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-731-1"
},
{
"title": "Debian CVElist Bug Report Logs: apache2: CVE-2007-4465",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8a7503dd359ab44b424a9918eb8a6f66"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6203"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
},
{
"db": "NVD",
"id": "CVE-2007-6203"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/26663"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019030"
},
{
"trust": 2.3,
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk57952"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
},
{
"trust": 1.7,
"url": "http://procheckup.com/vulnerability_pr07-37.php"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27906"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28196"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29348"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3411"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29640"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30356"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30732"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33105"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-731-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34219"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/38800"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/4060"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/4301"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/4060"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12166"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6203"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-079a/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6203"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/27906/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-079a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-079a.html"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1875/references"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4301"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/1623/references"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0924/references"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=44014"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.8"
},
{
"trust": 0.3,
"url": "https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110"
},
{
"trust": 0.3,
"url": "/archive/1/484410"
},
{
"trust": 0.2,
"url": "http://software.hp.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/30835/"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/731-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1955"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0456"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0456"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0455"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0455"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-6203"
},
{
"db": "BID",
"id": "26663"
},
{
"db": "PACKETSTORM",
"id": "96536"
},
{
"db": "PACKETSTORM",
"id": "64520"
},
{
"db": "PACKETSTORM",
"id": "75604"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
},
{
"db": "NVD",
"id": "CVE-2007-6203"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2007-6203",
"ident": null
},
{
"db": "BID",
"id": "26663",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "96536",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "64520",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "75604",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "82164",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001017",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-6203",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6203",
"ident": null
},
{
"date": "2007-11-30T00:00:00",
"db": "BID",
"id": "26663",
"ident": null
},
{
"date": "2010-12-09T12:11:11",
"db": "PACKETSTORM",
"id": "96536",
"ident": null
},
{
"date": "2008-03-13T04:49:36",
"db": "PACKETSTORM",
"id": "64520",
"ident": null
},
{
"date": "2009-03-10T21:13:00",
"db": "PACKETSTORM",
"id": "75604",
"ident": null
},
{
"date": "2009-10-23T18:14:28",
"db": "PACKETSTORM",
"id": "82164",
"ident": null
},
{
"date": "2007-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-012",
"ident": null
},
{
"date": "2007-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001017",
"ident": null
},
{
"date": "2007-12-03T22:46:00",
"db": "NVD",
"id": "CVE-2007-6203",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6203",
"ident": null
},
{
"date": "2014-02-11T00:26:00",
"db": "BID",
"id": "26663",
"ident": null
},
{
"date": "2009-03-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-012",
"ident": null
},
{
"date": "2010-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001017",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-6203",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Apache HTTP Server of 413 In the error message HTTP Problems not checking the method properly",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001017"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-012"
}
],
"trust": 0.7
}
}
VAR-202109-1804
Vulnerability from variot - Updated: 2026-04-10 21:46A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API.
Apache HTTP Server has a denial of service vulnerability in versions 2.4.30 to 2.4.48, which is caused by the network system or product not properly validating the input data. An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update Advisory ID: RHSA-2022:7143-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:7143 Issue date: 2022-10-26 CVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275 CVE-2021-41524 CVE-2021-44224 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
-
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
-
expat: Integer overflow in storeRawNames() (CVE-2022-25315)
-
httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
-
httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
-
httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)
-
httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
-
expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
-
expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
-
expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
-
expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
-
expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
-
expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
-
expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
-
expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
-
expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
-
expat: stack exhaustion in doctype parsing (CVE-2022-25313)
-
expat: integer overflow in copyString() (CVE-2022-25314)
-
expat: integer overflow in the doProlog function (CVE-2022-23990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path 2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing 2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations 2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat 2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c 2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c 2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c 2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c 2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c 2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c 2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c 2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer 2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function 2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing 2056354 - CVE-2022-25314 expat: integer overflow in copyString() 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm
x86_64: jbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm
Red Hat JBoss Core Services on RHEL 8:
Source: jbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm
x86_64: jbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-33193 https://access.redhat.com/security/cve/CVE-2021-36160 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-41524 https://access.redhat.com/security/cve/CVE-2021-44224 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR V1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls j7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP JVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe p7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc M+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM +OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv uA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds RMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY FmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou Btep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx m+Yms1hf0io=Dgle -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-admin/apache-tools < 2.4.54 >= 2.4.54 2 www-servers/apache < 2.4.54 >= 2.4.54
Description
Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.49"
},
{
"_id": null,
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.30"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.30,\u003c=2.4.48"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
},
{
"db": "NVD",
"id": "CVE-2021-36160"
}
]
},
"credits": {
"_id": null,
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
}
],
"trust": 0.3
},
"cve": "CVE-2021-36160",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-36160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-03205",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-397448",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-36160",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-36160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-03205",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1113",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-397448",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-36160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
},
{
"db": "VULHUB",
"id": "VHN-397448"
},
{
"db": "VULMON",
"id": "CVE-2021-36160"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113"
},
{
"db": "NVD",
"id": "CVE-2021-36160"
}
]
},
"description": {
"_id": null,
"data": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). The server is fast, reliable and extensible through a simple API. \n\r\n\r\nApache HTTP Server has a denial of service vulnerability in versions 2.4.30 to 2.4.48, which is caused by the network system or product not properly validating the input data. An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated malicious user to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update\nAdvisory ID: RHSA-2022:7143-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:7143\nIssue date: 2022-10-26\nCVE Names: CVE-2021-33193 CVE-2021-36160 CVE-2021-39275\n CVE-2021-41524 CVE-2021-44224 CVE-2021-45960\n CVE-2021-46143 CVE-2022-22822 CVE-2022-22823\n CVE-2022-22824 CVE-2022-22825 CVE-2022-22826\n CVE-2022-22827 CVE-2022-23852 CVE-2022-23990\n CVE-2022-25235 CVE-2022-25236 CVE-2022-25313\n CVE-2022-25314 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code\nexecution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute\nvalues can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy\n(CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n(CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request\nprocessing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations\n(CVE-2021-44224)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash\nlibexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c\n(CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966728 - CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005124 - CVE-2021-36160 httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path\n2010934 - CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing\n2034672 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations\n2044451 - CVE-2021-45960 expat: Large number of prefixed XML attributes on a single tag can crash libexpat\n2044455 - CVE-2021-46143 expat: Integer overflow in doProlog in xmlparse.c\n2044457 - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c\n2044464 - CVE-2022-22823 expat: Integer overflow in build_model in xmlparse.c\n2044467 - CVE-2022-22824 expat: Integer overflow in defineAttribute in xmlparse.c\n2044479 - CVE-2022-22825 expat: Integer overflow in lookup in xmlparse.c\n2044484 - CVE-2022-22826 expat: Integer overflow in nextScaffoldPart in xmlparse.c\n2044488 - CVE-2022-22827 expat: Integer overflow in storeAtts in xmlparse.c\n2044613 - CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer\n2048356 - CVE-2022-23990 expat: integer overflow in the doProlog function\n2056350 - CVE-2022-25313 expat: stack exhaustion in doctype parsing\n2056354 - CVE-2022-25314 expat: integer overflow in copyString()\n2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames()\n2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution\n2056370 - CVE-2022-25236 expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-41.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.src.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.src.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.src.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.src.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-41.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-28.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-debuginfo-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-devel-1.7.0-6.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-98.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-debuginfo-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-brotli-devel-1.0.9-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-debuginfo-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-jansson-devel-2.14-1.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.83.1-6.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-17.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-41.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-15.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-9.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-19.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-28.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-10.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-16.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-12.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-31.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-12.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-33193\nhttps://access.redhat.com/security/cve/CVE-2021-36160\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-41524\nhttps://access.redhat.com/security/cve/CVE-2021-44224\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-23990\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25313\nhttps://access.redhat.com/security/cve/CVE-2022-25314\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY1nOZtzjgjWX9erEAQjuIxAApYL8vG/A+EEcbUqbTvVWogX49KtpAbJR\nV1Gv6llWWogAKT9HEE9AGansLscDYD8cyh6TNShY7lDkX7iYchzJLCs6IYDhBzls\nj7jSdQEgpEVUCPLdKA17rFMO5FvZSlp0pgvFjSH3r+Q1+IVhsxKSXagTbFaTqGgP\nJVqYMrbot+wzwkC1oHda0/Wh4UwqraveivOT/56FOXw6T0uxF0G51RuT+GSusUFe\np7hwNNbE/xWONnQu29QNqMdB9IYFTEjpDV1Tn2i2wPMl1IhQVFhQUqgpjfL29KLc\nM+bOg6nE2NP4a6+YcYQevKwWTmq+VMLwwwCaNKsqFtK9KrDc/cy3nEDvBwQNx6gM\n+OjpDGXbUBvKe6qkXIXMbBuJA1hDug+wdlGlDsC6n1MR6EKFPLs3oDdmsVMyAeXv\nuA9lgkdwIeMpJ96JyDwQ5pCQ94NdLUPy84PlNPH3TJYshpp1di9tFe9MQ9j5lOds\nRMsc1OJLl06aavpMuyFLoV71+xFksTCeNZVEBlSr31kaf1wxr0hG3oCMjlFw/QcY\nFmY8nMirBSnrhGcOzg9zx4gfdvdf84mLmoRIAX/r1O5/RtiV13RQRp8/vo0h+4ou\nBtep5k5CnSag4tBSWvSzX5oaEcrCvaCU9CI/2vhmocTl5O1nsJVvWIHrbu7ygorx\nm+Yms1hf0io=Dgle\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-admin/apache-tools \u003c 2.4.54 \u003e= 2.4.54\n 2 www-servers/apache \u003c 2.4.54 \u003e= 2.4.54\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Apache HTTPD. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-36160"
},
{
"db": "CNVD",
"id": "CNVD-2022-03205"
},
{
"db": "VULHUB",
"id": "VHN-397448"
},
{
"db": "VULMON",
"id": "CVE-2021-36160"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
}
],
"trust": 2.25
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-36160",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-03205",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167073",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022012041",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051150",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101513",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3248",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3489",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-397448",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-36160",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169132",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
},
{
"db": "VULHUB",
"id": "VHN-397448"
},
{
"db": "VULMON",
"id": "CVE-2021-36160"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113"
},
{
"db": "NVD",
"id": "CVE-2021-36160"
}
]
},
"id": "VAR-202109-1804",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
},
{
"db": "VULHUB",
"id": "VHN-397448"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
}
]
},
"last_update_date": "2026-04-10T21:46:55.194000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Patch for Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313441"
},
{
"title": "Apache HTTP Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=163990"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221915 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-36160",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-36160"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-36160 log"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
},
{
"db": "VULMON",
"id": "CVE-2021-36160"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397448"
},
{
"db": "NVD",
"id": "CVE-2021-36160"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00016.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00016.html"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "http://"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3248"
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051150"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3489"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012041"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r73260f6ba9fb52e43d860905fc90462ba5a814afda2d011f32bbd41c@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/ra1c05a392587bfe34383dffe1213edc425de8d4afc25b7cefab3e781@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r7f2746e916ed370239bc1a1025e5ebbf345f79df9ea0ea39e44acfbb@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r94a61a1517133a19dcf40016e87454ea86e355d06a0cec4c778530f3@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/ra87a69d0703d09dc52b86e32b08f8d7327af10acdd5f577a4e82596a@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rb2341c8786d0f9924f5b666e82d8d170b4804f50a523d750551bef1a@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/ree7519d71415ecdd170ff1889cab552d71758d2ba2904a17ded21a70@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/re4162adc051c1a0a79e7a24093f3776373e8733abaff57253fef341d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7144"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/xxxxxx"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-4"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1945311"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-397448"
},
{
"db": "VULMON",
"id": "CVE-2021-36160"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113"
},
{
"db": "NVD",
"id": "CVE-2021-36160"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-03205",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-397448",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-36160",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169132",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169540",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169541",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164305",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164329",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "164318",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-36160",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03205",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-397448",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36160",
"ident": null
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169132",
"ident": null
},
{
"date": "2022-10-27T13:05:19",
"db": "PACKETSTORM",
"id": "169540",
"ident": null
},
{
"date": "2022-10-27T13:05:26",
"db": "PACKETSTORM",
"id": "169541",
"ident": null
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072",
"ident": null
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305",
"ident": null
},
{
"date": "2021-09-29T14:50:01",
"db": "PACKETSTORM",
"id": "164329",
"ident": null
},
{
"date": "2021-09-28T15:23:06",
"db": "PACKETSTORM",
"id": "164318",
"ident": null
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1113",
"ident": null
},
{
"date": "2021-09-16T15:15:07.330000",
"db": "NVD",
"id": "CVE-2021-36160",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03205",
"ident": null
},
{
"date": "2022-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-397448",
"ident": null
},
{
"date": "2022-08-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-36160",
"ident": null
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1113",
"ident": null
},
{
"date": "2025-05-01T15:40:05.120000",
"db": "NVD",
"id": "CVE-2021-36160",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1113"
}
],
"trust": 1.0
},
"title": {
"_id": null,
"data": "Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03205"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1113"
}
],
"trust": 0.6
}
}
VAR-200708-0612
Vulnerability from variot - Updated: 2026-03-09 23:25The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. Apache HTTP Server of mod_proxy The module includes modules/proxy/proxy_util.c When an invalid data header is processed in the service, the read operation is executed beyond the buffer area, resulting in an interruption in service operation. (DoS) There is a vulnerability that becomes a condition.When processing a specially crafted data header by a third party, the proxy server cache processing crashes and disrupts service operation (DoS) It may be in a state. The Apache mod_proxy module is prone to a denial-of-service vulnerability. A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3
Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2
Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1
Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)
It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)
It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)
It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)
It was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)
It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)
It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)
It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz
Size/MD5: 121305 10359a467847b63f8d6603081450fece
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc
Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb
Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 171402 3b7567107864cf36953e7911a4851738
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 172186 85a591ea061cbc727fc261b046781502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 94240 b80027348754c493312269f7410b38fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 285664 76f4879738a0a788414316581ac2010b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb
Size/MD5: 144250 3cd8327429958569a306257da57e8be0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 786052 7bdddb451607eeb2abb9706641675397
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb
Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 215932 bee4a6e00371117203647fd3a311658a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 219800 aaf4968deba24912e4981f35a367a086
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb
Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 93282 1ae6def788c74750d79055784c0d8006
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 267832 96c149638daeb993250b18c9f4285abf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb
Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz
Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc
Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb
Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb
Size/MD5: 145340 109c93408c5197be50960cce80c23b7c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 209552 8a23207211e54b138d5a87c15c097908
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 171636 07616e459905bad152a8669c8f670436
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb
Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 222022 e37ef7d710800e568d838242d3129725
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb
Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 208354 0a571678c269d1da06787dac56567f1c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 212052 90754ccdcd95e652413426376078d223
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb
Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz
Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc
Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb
Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb
Size/MD5: 971426 30db1106dfea5106da54d2287c02a380
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb
Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 403974 65a11cfaee921517445cf74ed04df701
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb
Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 434308 2073137bb138dc52bbace666714f4e14
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 343774 880faca3543426734431c29de77c3048
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb
Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz
Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc
Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz
Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 278032 4f8270cff0a532bd059741b366047da9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb
Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb
Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 435354 f3557e1a87154424e9144cf672110e93
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb
Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb
Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb
Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8
. An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01182588 Version: 1
HPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-10 Last Updated: 2007-10-10
Potential Security Impact: Remote Unauthorized Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2007-3847, CVE-2007-3304
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00
BACKGROUND
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended action has been taken.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 hpuxwsAPACHE,revision=B.2.0.59.00
action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability.
OS Release Depot name MD5 Sum
B.11.11 (IPv4) HPUXWSA-B218-01-1111ipv4.depot eb3bb933baac0f05e1e0809ef1e84eb2
B.11.11 (IPv6) HPUXWSA-B218-01-1111ipv6.depot 540a56b155699336bcbfac0eaf87e3ce
B.11.23 PA-32 HPUXWSA-B218-01-1123-32.depot 2900a0cbea01b6905dc768680fbd5381
B.11.23 IA-64 HPUXWSA-B218-01-1123-64.depot 3be084d96e8a509692e37c71c0184014
B.11.31 PA-32 HPUXWSA-B218-01-1131-32.depot 861122eef70f1b53d68c5adafc64cdb5
B.11.31 IA-64 HPUXWSA-B218-01-1131-64.depot 8dc57222257fe27fb5994da16e91f9a4
The updates are available from: ftp://ssrt1476:ssrt1476@hprc.external.hp.com/ ftp://ssrt1476:ssrt1476@192.170.19.100/
MANUAL ACTIONS: Yes - Update Install Apache 2.0.59.00.0 or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 10 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy 7CP41v96ckMOtfU4yeG76pv2 =VMzd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0010 Synopsis: VMware Hosted products update libpng and Apache HTTP Server Issue date: 2009-08-20 Updated on: 2009-08-20 (initial release of advisory) CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863 CVE-2006-5752 CVE-2007-3304 CVE-2007-6388 CVE-2007-5000 CVE-2008-0005
- Summary
Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy (CVE-2007-3847). On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that to not correctly derive the response character set according to the rules in RGC 2616 (CVE-2007-4465).
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Updated Packages:
Mandriva Linux 2007.0: 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm
Mandriva Linux 2007.1: e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm
Corporate 3.0: 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 3.0/X86_64: 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm
Corporate 4.0: 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHVGk3mqjQ0CJFipgRAi2wAKCPuJzkUkyI8lcVRJ3Vu6IbvxMFrQCg3Qxf w5lEeF1m8B+hT513FJVA1po= =c4oi -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.04"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "7"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"_id": null,
"model": "fedora core",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "6"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.10"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.59 and earlier"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "web server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.2"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web edition version 4"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web edition"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise edition"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "1.3.28"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard edition"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "systemwalker resource coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.4 and earlier"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "version"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0.2.23"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"_id": null,
"model": "cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard edition version 4"
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"_id": null,
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.3.0"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.1"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "ace",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "ace",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0x86"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "10.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "9.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "8.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"_id": null,
"model": "application stack for enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v14"
},
{
"_id": null,
"model": "application stack for enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v14"
},
{
"_id": null,
"model": "hat fedora core7",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat fedora core6",
"scope": null,
"trust": 0.3,
"vendor": "red",
"version": null
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.8"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.6"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.4"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage apworks enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.41"
},
{
"_id": null,
"model": "software foundation apache 2.2.6-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "software foundation apache 2.0.61-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "25489"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
},
{
"db": "NVD",
"id": "CVE-2007-3847"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
}
]
},
"credits": {
"_id": null,
"data": "The vendor disclosed this vulnerability.",
"sources": [
{
"db": "BID",
"id": "25489"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
}
],
"trust": 0.9
},
"cve": "CVE-2007-3847",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-3847",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3847",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-3847",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-3847",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3847"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
},
{
"db": "NVD",
"id": "CVE-2007-3847"
}
]
},
"description": {
"_id": null,
"data": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. Apache HTTP Server of mod_proxy The module includes modules/proxy/proxy_util.c When an invalid data header is processed in the service, the read operation is executed beyond the buffer area, resulting in an interruption in service operation. (DoS) There is a vulnerability that becomes a condition.When processing a specially crafted data header by a third party, the proxy server cache processing crashes and disrupts service operation (DoS) It may be in a state. The Apache mod_proxy module is prone to a denial-of-service vulnerability. \nA remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). =========================================================== \nUbuntu Security Notice USN-575-1 February 04, 2008\napache2 vulnerabilities\nCVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,\nCVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\nUbuntu 7.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-mpm-perchild 2.0.55-4ubuntu2.3\n apache2-mpm-prefork 2.0.55-4ubuntu2.3\n apache2-mpm-worker 2.0.55-4ubuntu2.3\n\nUbuntu 6.10:\n apache2-mpm-perchild 2.0.55-4ubuntu4.2\n apache2-mpm-prefork 2.0.55-4ubuntu4.2\n apache2-mpm-worker 2.0.55-4ubuntu4.2\n\nUbuntu 7.04:\n apache2-mpm-event 2.2.3-3.2ubuntu2.1\n apache2-mpm-perchild 2.2.3-3.2ubuntu2.1\n apache2-mpm-prefork 2.2.3-3.2ubuntu2.1\n apache2-mpm-worker 2.2.3-3.2ubuntu2.1\n\nUbuntu 7.10:\n apache2-mpm-event 2.2.4-3ubuntu0.1\n apache2-mpm-perchild 2.2.4-3ubuntu0.1\n apache2-mpm-prefork 2.2.4-3ubuntu0.1\n apache2-mpm-worker 2.2.4-3ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIt was discovered that Apache did not sanitize the Expect header from\nan HTTP request when it is reflected back in an error message, which\ncould result in browsers becoming vulnerable to cross-site scripting\nattacks when processing the output. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data (such as passwords),\nwithin the same domain. This was only vulnerable in Ubuntu 6.06. \n(CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a\nthreaded MPM, Apache did not properly sanitize its input. By default, mod_proxy is disabled in\nUbuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a\ncharacter set, which could result in browsers becoming vulnerable\nto cross-site scripting attacks when processing the output. By\ndefault, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available,\nallowed for cross-site scripting attacks. By default, mod_status is\ndisabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_balancer is disabled in Ubuntu. This was only vulnerable\nin Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to\ndereference a NULL pointer. By\ndefault, mod_proxy_balancer is disabled in Ubuntu. This was only\nvulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set,\nwhich could result in browsers becoming vulnerable to cross-site\nscripting attacks when processing the output. By default,\nmod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz\n Size/MD5: 121305 10359a467847b63f8d6603081450fece\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc\n Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb\n Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 171402 3b7567107864cf36953e7911a4851738\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 172186 85a591ea061cbc727fc261b046781502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 94240 b80027348754c493312269f7410b38fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 285664 76f4879738a0a788414316581ac2010b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb\n Size/MD5: 144250 3cd8327429958569a306257da57e8be0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 786052 7bdddb451607eeb2abb9706641675397\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb\n Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 215932 bee4a6e00371117203647fd3a311658a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 219800 aaf4968deba24912e4981f35a367a086\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb\n Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 93282 1ae6def788c74750d79055784c0d8006\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 267832 96c149638daeb993250b18c9f4285abf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb\n Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz\n Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc\n Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb\n Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb\n Size/MD5: 145340 109c93408c5197be50960cce80c23b7c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 209552 8a23207211e54b138d5a87c15c097908\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 171636 07616e459905bad152a8669c8f670436\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb\n Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 222022 e37ef7d710800e568d838242d3129725\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb\n Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 208354 0a571678c269d1da06787dac56567f1c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 212052 90754ccdcd95e652413426376078d223\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb\n Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz\n Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc\n Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb\n Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb\n Size/MD5: 971426 30db1106dfea5106da54d2287c02a380\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb\n Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 403974 65a11cfaee921517445cf74ed04df701\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb\n Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 434308 2073137bb138dc52bbace666714f4e14\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 343774 880faca3543426734431c29de77c3048\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb\n Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374\n\nUpdated packages for Ubuntu 7.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz\n Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc\n Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz\n Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 278032 4f8270cff0a532bd059741b366047da9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb\n Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb\n Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 435354 f3557e1a87154424e9144cf672110e93\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb\n Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb\n Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb\n Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8\n\n. An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01182588\nVersion: 1\n\nHPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-10\nLast Updated: 2007-10-10\n\nPotential Security Impact: Remote Unauthorized Denial of Service (DoS) \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS). \n\nReferences: CVE-2007-3847, CVE-2007-3304\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00\n\nBACKGROUND\n\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended action has been taken. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \nhpuxwsAPACHE,revision=B.2.0.59.00 \n\naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \n\nOS Release \n Depot name \n MD5 Sum \n \nB.11.11 (IPv4)\n HPUXWSA-B218-01-1111ipv4.depot\n eb3bb933baac0f05e1e0809ef1e84eb2\n \nB.11.11 (IPv6) \n HPUXWSA-B218-01-1111ipv6.depot\n 540a56b155699336bcbfac0eaf87e3ce\n \nB.11.23 PA-32\n HPUXWSA-B218-01-1123-32.depot\n 2900a0cbea01b6905dc768680fbd5381\n \nB.11.23 IA-64\n HPUXWSA-B218-01-1123-64.depot\n 3be084d96e8a509692e37c71c0184014\n \nB.11.31 PA-32\n HPUXWSA-B218-01-1131-32.depot\n 861122eef70f1b53d68c5adafc64cdb5\n \nB.11.31 IA-64\n HPUXWSA-B218-01-1131-64.depot\n 8dc57222257fe27fb5994da16e91f9a4\n \n\nThe updates are available from: \nftp://ssrt1476:ssrt1476@hprc.external.hp.com/ \nftp://ssrt1476:ssrt1476@192.170.19.100/ \n\nMANUAL ACTIONS: Yes - Update \nInstall Apache 2.0.59.00.0 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 10 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy\n7CP41v96ckMOtfU4yeG76pv2\n=VMzd\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0010\nSynopsis: VMware Hosted products update libpng and Apache HTTP\n Server\nIssue date: 2009-08-20\nUpdated on: 2009-08-20 (initial release of advisory)\nCVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863\n CVE-2006-5752 CVE-2007-3304 CVE-2007-6388\n CVE-2007-5000 CVE-2008-0005\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apace HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. Likewise, a similar crash\n could occur on sites with a forward proxy configured if a user could\n be persuaded to visit a malicious site using the proxy (CVE-2007-3847). On sites where\n directory listings are used and the AddDefaultCharset directive was\n removed from the configuration, a cross-site-scripting attack could\n be possible against browsers that to not correctly derive the response\n character set according to the rules in RGC 2616 (CVE-2007-4465). \n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 9bb73822e8ae92ba87aa8baa21d467d1 2007.0/i586/apache-base-2.2.3-1.2mdv2007.0.i586.rpm\n 1949631d7fc0f87c91ba5dd9e738e036 2007.0/i586/apache-devel-2.2.3-1.2mdv2007.0.i586.rpm\n 3fed692d7b2eefe64bdd5f557fb0d838 2007.0/i586/apache-htcacheclean-2.2.3-1.2mdv2007.0.i586.rpm\n 86b32442b40c9e8ee9ba4bc1def61157 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n a6ca98077bee65a270a7777f6a3f3b60 2007.0/i586/apache-mod_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 3bf50ab09740de6e718dc38e5320a3f7 2007.0/i586/apache-mod_dav-2.2.3-1.2mdv2007.0.i586.rpm\n 11e3dde4beab554a1523261979852fee 2007.0/i586/apache-mod_dbd-2.2.3-1.2mdv2007.0.i586.rpm\n 993926a12a2b5192059961a8bcbf4e2c 2007.0/i586/apache-mod_deflate-2.2.3-1.2mdv2007.0.i586.rpm\n 8553d309d0b537732375fbf0ab6c3187 2007.0/i586/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 83a1fce76091ea660989b5b310d545ab 2007.0/i586/apache-mod_file_cache-2.2.3-1.2mdv2007.0.i586.rpm\n c7799b98922ee0e2f5bd114a3b2f3816 2007.0/i586/apache-mod_ldap-2.2.3-1.2mdv2007.0.i586.rpm\n b3e79d78c26282b39322910be91cd410 2007.0/i586/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.i586.rpm\n 6c72e3c58cb10447304328c2f863651a 2007.0/i586/apache-mod_proxy-2.2.3-1.2mdv2007.0.i586.rpm\n a6d09de71a6b7bf7bb1cafc187777be7 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.i586.rpm\n 05eee18af88226fb76766a9b88d843a8 2007.0/i586/apache-mod_ssl-2.2.3-1.2mdv2007.0.i586.rpm\n c499609426acef2255940cab04a28b5c 2007.0/i586/apache-mod_userdir-2.2.3-1.2mdv2007.0.i586.rpm\n bcd0563b948d8958de5a8da12e5ecd85 2007.0/i586/apache-modules-2.2.3-1.2mdv2007.0.i586.rpm\n 5c4777a2db7fd28b233d1bcc1d570a70 2007.0/i586/apache-mpm-prefork-2.2.3-1.2mdv2007.0.i586.rpm\n fa38945281388cfd4d37d2f98187a0b0 2007.0/i586/apache-mpm-worker-2.2.3-1.2mdv2007.0.i586.rpm\n 30e14fac38a58a8ab4bf59a6ecb59f9a 2007.0/i586/apache-source-2.2.3-1.2mdv2007.0.i586.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 3301ff7aa05c7cb14eecfc82d1d7fe33 2007.0/x86_64/apache-base-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0f6cc2cc841959558ab0222d975a9cc 2007.0/x86_64/apache-devel-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7bf4dbf62cd08717fc3704798d0c839d 2007.0/x86_64/apache-htcacheclean-2.2.3-1.2mdv2007.0.x86_64.rpm\n ecb3772fac317f54303d1d67c2b1c7a2 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n c6cb91541e0f7a24b337da09ee7eb248 2007.0/x86_64/apache-mod_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f39c5879ff62c5d8dcc41ae73d1ca0cd 2007.0/x86_64/apache-mod_dav-2.2.3-1.2mdv2007.0.x86_64.rpm\n 562dc2a4e6246fa7dde9986af40ec847 2007.0/x86_64/apache-mod_dbd-2.2.3-1.2mdv2007.0.x86_64.rpm\n 7be58654d28b2fc0207c3e44370cd118 2007.0/x86_64/apache-mod_deflate-2.2.3-1.2mdv2007.0.x86_64.rpm\n 6e4314853613d0d9fdd048c8ee96a510 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n 5fd5dc78b84bb5579291d27f626cb660 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n d5eecb080611220807820106c24b1e22 2007.0/x86_64/apache-mod_ldap-2.2.3-1.2mdv2007.0.x86_64.rpm\n bed61f6dcb6311d99fb97225a0b48849 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.2mdv2007.0.x86_64.rpm\n f0d3bb15ba884824380ef1cf0bd129b8 2007.0/x86_64/apache-mod_proxy-2.2.3-1.2mdv2007.0.x86_64.rpm\n 8f8969581110089a51cf506b8566315e 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2mdv2007.0.x86_64.rpm\n 1a40d73c8fbbae8868f09ef947407dad 2007.0/x86_64/apache-mod_ssl-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0cd432c837a9ba4795bda96b1d3cc98c 2007.0/x86_64/apache-mod_userdir-2.2.3-1.2mdv2007.0.x86_64.rpm\n f05d88bc8f9c163ca787c30e7bd84e52 2007.0/x86_64/apache-modules-2.2.3-1.2mdv2007.0.x86_64.rpm\n f5431063918c470fa1ccd6e23db4c70d 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.2mdv2007.0.x86_64.rpm\n 0db10b3a236c2f59a93eb2bc6ee6c35d 2007.0/x86_64/apache-mpm-worker-2.2.3-1.2mdv2007.0.x86_64.rpm\n 71f52e6e3afba9d1d923cc64291eb98f 2007.0/x86_64/apache-source-2.2.3-1.2mdv2007.0.x86_64.rpm \n 9bf612bc66eff80fe93f34151959eede 2007.0/SRPMS/apache-2.2.3-1.2mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n e443a21ce0b058aede2aaf82d12d22f7 2007.1/i586/apache-base-2.2.4-6.3mdv2007.1.i586.rpm\n 6d17234fb69995d52c012bb22f52bab3 2007.1/i586/apache-devel-2.2.4-6.3mdv2007.1.i586.rpm\n 6a44621592a2320b6d0e9549eceea6a9 2007.1/i586/apache-htcacheclean-2.2.4-6.3mdv2007.1.i586.rpm\n d0405211b42d562933cd2f802a4276bc 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 3fd09fafa06eb4e08ad975f9972f28f8 2007.1/i586/apache-mod_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d61498465662a9c4a7f77f2dcc9438a7 2007.1/i586/apache-mod_dav-2.2.4-6.3mdv2007.1.i586.rpm\n fbb6c3ccfd793a8f2b9889ed399d5aad 2007.1/i586/apache-mod_dbd-2.2.4-6.3mdv2007.1.i586.rpm\n 0e67be9eaacb5f8686acdd95d26b8b47 2007.1/i586/apache-mod_deflate-2.2.4-6.3mdv2007.1.i586.rpm\n f1a050f23e3bc518b8aecd3c6cd5fd91 2007.1/i586/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.i586.rpm\n d95079c4a7627fe47d529dbe99549023 2007.1/i586/apache-mod_file_cache-2.2.4-6.3mdv2007.1.i586.rpm\n b24dcaec7dc26c107ff0962d46c7b3a1 2007.1/i586/apache-mod_ldap-2.2.4-6.3mdv2007.1.i586.rpm\n 98e97b3bd11ca7939aef2bae47c2c497 2007.1/i586/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.i586.rpm\n bffefef1346635e79f04d0ae56169ab1 2007.1/i586/apache-mod_proxy-2.2.4-6.3mdv2007.1.i586.rpm\n 0c5881d9e76e9ae20470a954200465ae 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.i586.rpm\n 21f665113f11b4b88330b887254023f8 2007.1/i586/apache-mod_ssl-2.2.4-6.3mdv2007.1.i586.rpm\n 192801a60a254a58b57e2f1377ce42c4 2007.1/i586/apache-mod_userdir-2.2.4-6.3mdv2007.1.i586.rpm\n 51fc25858a4ee79d2fd2cfe460c90708 2007.1/i586/apache-modules-2.2.4-6.3mdv2007.1.i586.rpm\n d6256083a3df248847340d3c14ecb9ff 2007.1/i586/apache-mpm-event-2.2.4-6.3mdv2007.1.i586.rpm\n 1359ad128d2d7a24d9211cf7f0276e15 2007.1/i586/apache-mpm-itk-2.2.4-6.3mdv2007.1.i586.rpm\n d65ac7009e90022455c79debf48cdbdb 2007.1/i586/apache-mpm-prefork-2.2.4-6.3mdv2007.1.i586.rpm\n f1d8883b5e633cbb6e3832e7b3c4a4cb 2007.1/i586/apache-mpm-worker-2.2.4-6.3mdv2007.1.i586.rpm\n 947251a0ac81cb912bc4c900bb80e6e7 2007.1/i586/apache-source-2.2.4-6.3mdv2007.1.i586.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 444c86d0a5711e30534400781c0cbcf1 2007.1/x86_64/apache-base-2.2.4-6.3mdv2007.1.x86_64.rpm\n 02514acbf20766b1486389ce4d3e1ed0 2007.1/x86_64/apache-devel-2.2.4-6.3mdv2007.1.x86_64.rpm\n f6f4126d5a414d7ca686395173aaa3b4 2007.1/x86_64/apache-htcacheclean-2.2.4-6.3mdv2007.1.x86_64.rpm\n 1a45be10e44347c913d6493a0d3ad25f 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5e6df108e6fb0083ffe96810f41bc9ea 2007.1/x86_64/apache-mod_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n 31877eb202cbc9cf0869a3d7bc51b47a 2007.1/x86_64/apache-mod_dav-2.2.4-6.3mdv2007.1.x86_64.rpm\n 33a4ce4f105fbed60b2cdfc73fd524c6 2007.1/x86_64/apache-mod_dbd-2.2.4-6.3mdv2007.1.x86_64.rpm\n e093528141ed7cd178ae27743ed4ea69 2007.1/x86_64/apache-mod_deflate-2.2.4-6.3mdv2007.1.x86_64.rpm\n 697a3930734d4570db3aeadc0aac2032 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n c8a20e21d7b07363c8efc8b23078a5e8 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n d42e4f3cc5ca6ac006d3e4bb7a750273 2007.1/x86_64/apache-mod_ldap-2.2.4-6.3mdv2007.1.x86_64.rpm\n e8fc195d18dbb431257dd816bdfa7845 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.3mdv2007.1.x86_64.rpm\n ce7184cd8abf4aa7c98d47a64133c19f 2007.1/x86_64/apache-mod_proxy-2.2.4-6.3mdv2007.1.x86_64.rpm\n 98957b99a54cb32d6ba055d5f059b7ec 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.3mdv2007.1.x86_64.rpm\n 17b824837cf63210790e6201154cb94a 2007.1/x86_64/apache-mod_ssl-2.2.4-6.3mdv2007.1.x86_64.rpm\n 5a2d9f93603eebdde04f8967a07b063d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.3mdv2007.1.x86_64.rpm\n 44f0ad99c93ae8905a2d32b799dc1520 2007.1/x86_64/apache-modules-2.2.4-6.3mdv2007.1.x86_64.rpm\n c5c469771e2f25683ddba3f694e28968 2007.1/x86_64/apache-mpm-event-2.2.4-6.3mdv2007.1.x86_64.rpm\n b691f2e760bdd30c797e46269842a437 2007.1/x86_64/apache-mpm-itk-2.2.4-6.3mdv2007.1.x86_64.rpm\n fa3551d06a7af5a31a040f90dd215a1d 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.3mdv2007.1.x86_64.rpm\n 8d2a09ba2b175cd36bbc0dc6dc4c18ea 2007.1/x86_64/apache-mpm-worker-2.2.4-6.3mdv2007.1.x86_64.rpm\n 7037cb86ca137f40364749a0933b432c 2007.1/x86_64/apache-source-2.2.4-6.3mdv2007.1.x86_64.rpm \n 299d821f2388c0b4eb49992472225564 2007.1/SRPMS/apache-2.2.4-6.3mdv2007.1.src.rpm\n\n Corporate 3.0:\n 5bbdb8ac0d8133c1b09d373cbe35f5ea corporate/3.0/i586/apache2-2.0.48-6.15.C30mdk.i586.rpm\n e14dfcec88913b5245d683502ff684d1 corporate/3.0/i586/apache2-common-2.0.48-6.15.C30mdk.i586.rpm\n 642b4136b2e2915db59801888b41d1e6 corporate/3.0/i586/apache2-devel-2.0.48-6.15.C30mdk.i586.rpm\n c8824d8aa09e4917f9b35b1c659b5181 corporate/3.0/i586/apache2-manual-2.0.48-6.15.C30mdk.i586.rpm\n 09af9e7945caec7163a12be1a14302ee corporate/3.0/i586/apache2-mod_cache-2.0.48-6.15.C30mdk.i586.rpm\n 374a782a9211ee321f31a4e716d6bb97 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.15.C30mdk.i586.rpm\n 88a31c94bc077aa0a91f000b839d4b69 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.15.C30mdk.i586.rpm\n 8e55a5d1949805b0a6a4f84d571ab4ff corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.i586.rpm\n 16b573b8a914ab130ac660cce8bddfdb corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.15.C30mdk.i586.rpm\n 68fdee10fc216a354849a6fc5d89e7cf corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.15.C30mdk.i586.rpm\n 9e75fe104df971a7a707efb0d6735288 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.i586.rpm\n 006f66a419a5f81085bc6fd74e4c1235 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.15.C30mdk.i586.rpm\n f0910407a4042202cec58ebdb74127d3 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.15.C30mdk.i586.rpm\n 43578ffa09c88aa636c6df329cebe81a corporate/3.0/i586/apache2-modules-2.0.48-6.15.C30mdk.i586.rpm\n c5c8b21b0bbc8e57f81baa317ccba3f3 corporate/3.0/i586/apache2-source-2.0.48-6.15.C30mdk.i586.rpm\n f38fcbb77b956304d63d36ad7b003b05 corporate/3.0/i586/libapr0-2.0.48-6.15.C30mdk.i586.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 52f3a65b7c0e82d517e66d4b176aa33e corporate/3.0/x86_64/apache2-2.0.48-6.15.C30mdk.x86_64.rpm\n b54119aca1142e9e9a848cbc18f2a5d0 corporate/3.0/x86_64/apache2-common-2.0.48-6.15.C30mdk.x86_64.rpm\n e5ac1fdacf86a8214105cc13d3c439aa corporate/3.0/x86_64/apache2-devel-2.0.48-6.15.C30mdk.x86_64.rpm\n 1bc73ab39962a806585f1c669b8c1f7e corporate/3.0/x86_64/apache2-manual-2.0.48-6.15.C30mdk.x86_64.rpm\n 87af39a3721856a710383cd51815fbaf corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n c03c3c1774c1baafaf44a4bb17ca74c6 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.15.C30mdk.x86_64.rpm\n 0ef802c1187c979d48db6ae4672fb21b corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.15.C30mdk.x86_64.rpm\n c7d6772332baffc85fd1472e018f5546 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 45965308167632623ff93de397d4041d corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n 17e2a48cc23d7983351706745c7cd553 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.15.C30mdk.x86_64.rpm\n 5b047d484852dd9a2000028d8dcfb7e6 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.15.C30mdk.x86_64.rpm\n a5f32074ec310263bc03648b81d44173 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.15.C30mdk.x86_64.rpm\n 79c4a90fa0ab3bfa8dbe9b12daeff4cd corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.15.C30mdk.x86_64.rpm\n 15af8e5591d5ff99f5c157a0c01d4174 corporate/3.0/x86_64/apache2-modules-2.0.48-6.15.C30mdk.x86_64.rpm\n 462316c74fff690d2e98116ddf614d54 corporate/3.0/x86_64/apache2-source-2.0.48-6.15.C30mdk.x86_64.rpm\n 20553b85bf243e5986af1a3551549ed8 corporate/3.0/x86_64/lib64apr0-2.0.48-6.15.C30mdk.x86_64.rpm \n aab66cf8d305132c45dfa6b8b5fced4d corporate/3.0/SRPMS/apache2-2.0.48-6.15.C30mdk.src.rpm\n\n Corporate 4.0:\n 7d50fe1ac32dec6c4d57dd850950bdb1 corporate/4.0/i586/apache-base-2.2.3-1.2.20060mlcs4.i586.rpm\n 775785cf1a22f45a64d800fdfcc4a8bc corporate/4.0/i586/apache-devel-2.2.3-1.2.20060mlcs4.i586.rpm\n 79b64bb1793933f1c8b83e7eee2d4cfa corporate/4.0/i586/apache-htcacheclean-2.2.3-1.2.20060mlcs4.i586.rpm\n eac03081a34897376d542b7032dd03c2 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n 2c223bb1645aadfba8e6d1d6a2c8756c corporate/4.0/i586/apache-mod_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n e4c4c07473f9644fc146e2f4d9ce95c8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.2.20060mlcs4.i586.rpm\n 13f85bc068b14e497873c6028520580a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.2.20060mlcs4.i586.rpm\n aaa52a86e4a6d3e5322fa140edc5535a corporate/4.0/i586/apache-mod_deflate-2.2.3-1.2.20060mlcs4.i586.rpm\n 574e07826a89f78883f2cfb3ca224e8c corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 451efb60480fd0680b6c4f955c46ccf4 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 73fa350b85ea63a5b3f69d8d387474aa corporate/4.0/i586/apache-mod_ldap-2.2.3-1.2.20060mlcs4.i586.rpm\n d2364f995210cdbbe324df10d49bef98 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.i586.rpm\n 145b17e675a42bed7b3a8c5ee883cf45 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.2.20060mlcs4.i586.rpm\n 92b82835be476736295c15954f2a9eb6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.i586.rpm\n 0dd6c7df0e3ea475b6b2d50ef4aa5ac0 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.2.20060mlcs4.i586.rpm\n d579208689ec9a72a599bf3510bdf942 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.2.20060mlcs4.i586.rpm\n 6fd43dfcfc649c8bcd4692ba9ebeee07 corporate/4.0/i586/apache-modules-2.2.3-1.2.20060mlcs4.i586.rpm\n 9fbf1dde58f17e3f0f29a8c3f1e1b6b6 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.i586.rpm\n 72f26a52381b68a8bbc6e2fcc9c0ac8c corporate/4.0/i586/apache-mpm-worker-2.2.3-1.2.20060mlcs4.i586.rpm\n 99a935e7047a27043159b6555d3444c7 corporate/4.0/i586/apache-source-2.2.3-1.2.20060mlcs4.i586.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 35a789ac173ed3cc0dda52270a194bad corporate/4.0/x86_64/apache-base-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e9df753a94dfb136780651ac743e50eb corporate/4.0/x86_64/apache-devel-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 3964c83541baaf5af0ccc828282a1954 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 554ea610010d5f361bcc87d75d8d0f6f corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 051c20e0f062d50a01c51ebad7dcb96d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 59a05bd258ba6b4729238885d2fc0273 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.2.20060mlcs4.x86_64.rpm\n ceb391b54796f3ea763b81c5085da16c corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 307726e1c4dfcca90093c19e3d17f504 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1500f6520843c6604192e4a621d5b9f1 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n e0ac5eb68e21253d33928fa28f0acb25 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 21c68fdaf26b13ed2177bf458979df1e corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 28ef0171caf2d11cca8fe4f0bf2473db corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 019893e83acbfb730f79a8eb364ea042 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 202b1fc0dd2d9364530abbbb13f799b0 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 5cd3084106482b3f01b41cd716c702b8 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 6a18ec0935144ead6f037f41e852a892 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 622bb60b53fb48aef1b5a7fc94be3298 corporate/4.0/x86_64/apache-modules-2.2.3-1.2.20060mlcs4.x86_64.rpm\n f573d1aef5f29f14f8764fce5ea31a1d corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 842d5d6ef1c73fcb0b41b9ff18a75960 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.2.20060mlcs4.x86_64.rpm\n 1cae994b8a6fb2d2aa9a803d7bb3178d corporate/4.0/x86_64/apache-source-2.2.3-1.2.20060mlcs4.x86_64.rpm \n 07d86b59ebeb3596997f6c3a64242d45 corporate/4.0/SRPMS/apache-2.2.3-1.2.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 463f2a0de557bfcf7ae0655e5381b22f mnf/2.0/i586/apache2-2.0.48-6.16.M20mdk.i586.rpm\n 56117551a5480c85920263bcefb32c09 mnf/2.0/i586/apache2-common-2.0.48-6.16.M20mdk.i586.rpm\n c7496b0bb82f802cd8d17819ee1308bc mnf/2.0/i586/apache2-devel-2.0.48-6.16.M20mdk.i586.rpm\n 6be15ca61d9a7cc4cc4c7e4e55c4ffd1 mnf/2.0/i586/apache2-manual-2.0.48-6.16.M20mdk.i586.rpm\n 766a15298990769f14e5ad00745b9c7f mnf/2.0/i586/apache2-mod_cache-2.0.48-6.16.M20mdk.i586.rpm\n 21d7b83f3e1b80874c5c007c6659c470 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.16.M20mdk.i586.rpm\n 417055a9758a47db50fcd7ec0a7d4047 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.16.M20mdk.i586.rpm\n 90d4aa462e8edf12c52216fa4eeac6a1 mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.16.M20mdk.i586.rpm\n fbeb5bc02ada67198541cb4e1c2b1b27 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.16.M20mdk.i586.rpm\n 0f2e617217d9f418182ca89bab9703f0 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.16.M20mdk.i586.rpm\n 50e9dc2b73be1f0f3a45ca7da1adbcbf mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.16.M20mdk.i586.rpm\n 8352541a45d2c76ab840ca6f4b070ffb mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.16.M20mdk.i586.rpm\n 5744f88c6e59f26418f1f3f531f30734 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.16.M20mdk.i586.rpm\n 874dc6a00a02630401f7efeadc93935e mnf/2.0/i586/apache2-modules-2.0.48-6.16.M20mdk.i586.rpm\n efbd0f5ac6f292474d29f83d36bf86eb mnf/2.0/i586/apache2-source-2.0.48-6.16.M20mdk.i586.rpm\n 15bd1fcd65bd487b6fd5bba0a8ec530d mnf/2.0/i586/libapr0-2.0.48-6.16.M20mdk.i586.rpm \n 0e6b7bac08407b02457479763d27e885 mnf/2.0/SRPMS/apache2-2.0.48-6.16.M20mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHVGk3mqjQ0CJFipgRAi2wAKCPuJzkUkyI8lcVRJ3Vu6IbvxMFrQCg3Qxf\nw5lEeF1m8B+hT513FJVA1po=\n=c4oi\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3847"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
},
{
"db": "BID",
"id": "25489"
},
{
"db": "VULMON",
"id": "CVE-2007-3847"
},
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "60039"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "61459"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-3847",
"trust": 3.3
},
{
"db": "BID",
"id": "25489",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA08-150A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "26636",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2007-3955",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3283",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3095",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3020",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0233",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0924",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3494",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1697",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27593",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27732",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28922",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "29420",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26993",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28606",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26842",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26790",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27971",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27563",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27209",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26952",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27882",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30430",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28749",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28467",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26722",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018633",
"trust": 1.7
},
{
"db": "USCERT",
"id": "SA08-150A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2007-3847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61459",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3847"
},
{
"db": "BID",
"id": "25489"
},
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "60039"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
},
{
"db": "NVD",
"id": "CVE-2007-3847"
}
]
},
"id": "VAR-200708-0612",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T23:25:31.724000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 2.0.61-dev",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.61-dev"
},
{
"title": "Fixed in Apache httpd 2.2.6-dev",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.6-dev"
},
{
"title": "Security Update 2008-003",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1897"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249"
},
{
"title": "Security Update 2008-003",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1897?viewlocale=ja_JP"
},
{
"title": "Security Update 2008-002",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT1249?viewlocale=ja_JP"
},
{
"title": "httpd-2.2.3-11.1AX",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=71"
},
{
"title": "HS07-039",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-039_e/index-e.html"
},
{
"title": "HPSBUX02273",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01182588"
},
{
"title": "HPSBUX02273",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02273.html"
},
{
"title": "PK55141",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55141"
},
{
"title": "Fix Pack 13 (6.1.0.13)",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61013"
},
{
"title": "PK50469",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50469"
},
{
"title": "4017141",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017141"
},
{
"title": "4017303",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017303"
},
{
"title": "httpd (V4.0)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1190"
},
{
"title": "httpd (V3.0)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=1224"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2013",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2013 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013verbose-1899830.html"
},
{
"title": "RHSA-2007:0746",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0746.html"
},
{
"title": "RHSA-2007:0747",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0747.html"
},
{
"title": "RHSA-2008:0005",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2008-0005.html"
},
{
"title": "July 2013 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2013_critical_patch_update"
},
{
"title": "HS07-039",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security/vuls/HS07-039/index.html"
},
{
"title": "RHSA-2007:0746",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0746J.html"
},
{
"title": "RHSA-2008:0005",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0005J.html"
},
{
"title": "RHSA-2007:0747",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0747J.html"
},
{
"title": "interstage_as_200802",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200802.html"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2007-3847: apache2 denial of service vulnerability (for threaded MPMs) in mod_proxy",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=0e9801bee76cc4795aeabe2ccbf7d7f4"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-575-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2007-3847 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3847"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3847"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/25489"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-150a.html"
},
{
"trust": 2.0,
"url": "http://marc.info/?l=apache-cvs\u0026m=118592992309395\u0026w=2"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-500.htm"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk50469"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-1710"
},
{
"trust": 1.7,
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-september/msg00353.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:235"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0911.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0746.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0747.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018633"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26636"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26722"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26790"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26842"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26952"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26993"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27209"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27563"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27593"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27732"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27882"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27971"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0005.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28467"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28749"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28606"
},
{
"trust": 1.7,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.595748"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28922"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29420"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008//may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30430"
},
{
"trust": 1.7,
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/0233"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3494"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3020"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3955"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3095"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3283"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01182588"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10525"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"trust": 1.4,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"trust": 1.4,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=apache-httpd-dev\u0026m=118595556504202\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=apache-httpd-dev\u0026m=118595953217856\u0026w=2"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2007/3020"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-150a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-150a/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3847"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/26636/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-150a.html"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0746"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0747"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd-dev\u0026m=118595556504202\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2007-3847"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_20.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0602"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2008:0005"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2007:0911"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
},
{
"trust": 0.6,
"url": "httpd-dev\u0026m=118595953217856\u0026w=2"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg24017334"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27010985#new"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27004980#ver61"
},
{
"trust": 0.3,
"url": "/archive/1/482486"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/announcement1.3.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-026.htm"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0746.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0747.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0911.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0005.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0006.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2007-3847"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/575-1/"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ace/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3847"
},
{
"db": "BID",
"id": "25489"
},
{
"db": "PACKETSTORM",
"id": "63262"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "60039"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
},
{
"db": "NVD",
"id": "CVE-2007-3847"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2007-3847",
"ident": null
},
{
"db": "BID",
"id": "25489",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "63262",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "60759",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "60039",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80533",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "61459",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000638",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-3847",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-08-23T00:00:00",
"db": "VULMON",
"id": "CVE-2007-3847",
"ident": null
},
{
"date": "2007-08-30T00:00:00",
"db": "BID",
"id": "25489",
"ident": null
},
{
"date": "2008-02-05T00:41:56",
"db": "PACKETSTORM",
"id": "63262",
"ident": null
},
{
"date": "2007-11-07T20:27:55",
"db": "PACKETSTORM",
"id": "60759",
"ident": null
},
{
"date": "2007-10-12T04:41:53",
"db": "PACKETSTORM",
"id": "60039",
"ident": null
},
{
"date": "2009-08-23T16:31:17",
"db": "PACKETSTORM",
"id": "80533",
"ident": null
},
{
"date": "2007-12-04T05:30:30",
"db": "PACKETSTORM",
"id": "61459",
"ident": null
},
{
"date": "2007-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-391",
"ident": null
},
{
"date": "2007-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000638",
"ident": null
},
{
"date": "2007-08-23T22:17:00",
"db": "NVD",
"id": "CVE-2007-3847",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2007-3847",
"ident": null
},
{
"date": "2010-08-05T21:45:00",
"db": "BID",
"id": "25489",
"ident": null
},
{
"date": "2023-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-391",
"ident": null
},
{
"date": "2013-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000638",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3847",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "61459"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache HTTP Server of mod_proxy Service disruption in modules (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000638"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-391"
}
],
"trust": 0.6
}
}
VAR-200909-0399
Vulnerability from variot - Updated: 2026-03-09 23:22The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Apache HTTP Server is an open source web server from the American Apache Software (Apache) Foundation. The server is fast, reliable and scalable via a simple API. The Apache mod_proxy_ftp module is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands within the context of the affected application. Because of its multi-platform and security, it is widely used and is one of the most popular web server software. one. =========================================================== Ubuntu Security Notice USN-860-1 November 19, 2009 apache2 vulnerabilities CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.9
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.14
Ubuntu 8.10: apache2.2-common 2.2.9-7ubuntu3.5
Ubuntu 9.04: apache2.2-common 2.2.11-2ubuntu2.5
Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks against the HTTPS protocol are known, with the severity of the issue depending on the safeguards used in the web application. Until the TLS protocol and underlying libraries are adjusted to defend against this vulnerability, a partial, temporary workaround has been applied to Apache that disables client initiated TLS renegotiation. This update does not protect against server initiated TLS renegotiation when using SSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)
It was discovered that mod_proxy_ftp in Apache did not properly sanitize its input when processing replies to EPASV and PASV commands. An attacker could use this to cause a denial of service in the Apache child process. (CVE-2009-3094)
Another flaw was discovered in mod_proxy_ftp. (CVE-2009-3095)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz
Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc
Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb
Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 834492 818915da9848657833480b1ead6b4a12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 224594 85a4480344a072868758c466f6a98747
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 229128 446b52088b9744fb776e53155403a474
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb
Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb
Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb
Size/MD5: 142730 d43356422176ca29440f3e0572678093
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 269070 bf585dec777b0306cd80663c11b020df
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb
Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz
Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc
Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz
Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb
Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 141660 958585d6391847cd5a618464054f7d37
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb
Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb
Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb
Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 206386 06402188459de8dab5279b5bfef768fa
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb
Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 233152 1165607c64c57c84212b6b106254e885
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 143838 28e9c3811feeac70b846279e82c23430
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb
Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz
Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc
Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb
Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 209550 496d387e315370c0cd83489db663a356
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb
Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb
Size/MD5: 778564 ffd7752394933004094c13b00113b263
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 208528 6672fb116e108687669c89197732fbb0
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb
Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 261510 d3e1155682726cc28859156e647d97b3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 84558 68452b686e89320007e9c5367ce36345
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb
Size/MD5: 926240 8282583e86e84bd256959540f39a515d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 241280 1eea25472875056e34cd2c3283c60171
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 246024 5709e7421814ecfb83fff5804d429971
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf
http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb
Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz
Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc
Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz
Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb
Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 258414 8ef063026de9790bac1965427ce1b584
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 213294 09701d434bd102e4205e551b4525afd1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 87818 670c62615e107920c45893b3377ab2a0
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb
Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 244914 955bb5121da808d44aa994386d90723f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb
Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb
Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb
Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91
http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 214286 a378e2e0418631cec0f398379a446172
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb
Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz
Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc
Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz
Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2336 009d381342b0be5280835a46c91f01d9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2314 17719223d92d46821098ce178b5947d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb
Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb
Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 155166 4347806710edff47fc051b4a68d5b448
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079
http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb
Size/MD5: 90316 add7f446f6b524343c0066a486dd299a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb
Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb
Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987
http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528
http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7
http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43
http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb
Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2
. Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only).
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0.
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195).
The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890).
Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).
Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555).
Packages for 2008.0 are being provided due to extended support for Corporate products.
This update provides a solution to these vulnerabilities.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
Updated Packages:
Mandriva Linux 2008.0: dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu MUj4lK2Wsb+qzbv2V+Ih30U= =VdZS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Debian Security Advisory DSA-1934-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch November 16, 2009 http://www.debian.org/security/faq
Package : apache2 Vulnerability : multiple issues Problem type : remote Debian-specific: no CVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555
A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability.
As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use.
NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate):
-
- The "SSLVerifyClient" directive is used in a Directory or Location context.
-
- The "SSLCipherSuite" directive is used in a Directory or Location context.
As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level.
A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue.
In addition, this update fixes the following issues in Apache's mod_proxy_ftp:
CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
For the stable distribution (lenny), these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release (Debian 5.0.4).
The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages.
Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available.
We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874
Debian GNU/Linux 5.0 alias lenny (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310 http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870 http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40 http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71 http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625 http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136 http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690 http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125 http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129 http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728 http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e
These files will probably be moved into the stable distribution on its next update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02002308 Version: 1
HPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2010-03-23 Last Updated: 2010-03-23
Potential Security Impact: Remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified with the HP Secure Web Server for OpenVMS (based on Apache) CSWS. The vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS), unauthorized disclosure of information, or unauthorized modification of information.
References: CVE-2009-3094, CVE-2009-3095
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following patch kits available to resolve the vulnerability. Patch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt . The patch kits and installation instructions are available from the following location using ftp:
Host Account Password
ftp.usa.hp.com ewt01 Welcome1
CSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms.
Itanium Images mod_proxy.exe_ia64 mod_proxy_ftp.exe_ia64
Alpha Images mod_proxy.exe_axp mod_proxy_ftp.exe_axp
The patch images will be provided in the next regularly scheduled update of CSWS 2.1-1.
PRODUCT SPECIFIC INFORMATION None
HISTORY Version:1 (rev.1) - 23 March 2010 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkupHKUACgkQ4B86/C0qfVkQwQCePmzcNikMnO+Yl0XoAxIJisjF MyoAnAnFiY2qnDFOkjlYCdjtLd3YBIeZ =Ag54 -----END PGP SIGNATURE----- .
BAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0399",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "2.0.64"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "9"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.3,
"vendor": "suse",
"version": "11"
},
{
"model": "http server",
"scope": null,
"trust": 1.2,
"vendor": "apache",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.1"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.6.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "10.3"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47.x"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6 to v10.6.2"
},
{
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"model": "turbolinux fuji",
"scope": null,
"trust": 0.8,
"vendor": "turbo linux",
"version": null
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "10 (x64)"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"model": "hp-ux apache-based web server",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "v.2.2.15.03"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.4.z (server)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "2.2.5-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "2.2.6-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "2.2.7-dev",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mod proxy ftp",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0"
},
{
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.12"
},
{
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "business availability center",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "8.07"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.35"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "interstage application server standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.05"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.55"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.23"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.13"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.06"
},
{
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.01"
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.27"
},
{
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "openvms secure web server",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.19"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "compaq secure web server for openvms",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2.33"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "BID",
"id": "36254"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:websphere_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_fuji",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:hp:apache-based_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intevydis",
"sources": [
{
"db": "BID",
"id": "36254"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
}
],
"trust": 0.9
},
"cve": "CVE-2009-3095",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-3095",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2009-3095",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-2172",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-40541",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3095",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3095",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2011-2172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-40541",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2009-3095",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "VULHUB",
"id": "VHN-40541"
},
{
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. Apache HTTP Server is an open source web server from the American Apache Software (Apache) Foundation. The server is fast, reliable and scalable via a simple API. The Apache mod_proxy_ftp module is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. \nAttackers can exploit this issue to execute arbitrary commands within the context of the affected application. Because of its multi-platform and security, it is widely used and is one of the most popular web server software. one. ===========================================================\nUbuntu Security Notice USN-860-1 November 19, 2009\napache2 vulnerabilities\nCVE-2009-3094, CVE-2009-3095, CVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.9\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.14\n\nUbuntu 8.10:\n apache2.2-common 2.2.9-7ubuntu3.5\n\nUbuntu 9.04:\n apache2.2-common 2.2.11-2ubuntu2.5\n\nUbuntu 9.10:\n apache2.2-common 2.2.12-1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\nprotocols. If an attacker could perform a man in the middle attack at the\nstart of a TLS connection, the attacker could inject arbitrary content at\nthe beginning of the user\u0027s session. The flaw is with TLS renegotiation and\npotentially affects any software that supports this feature. Attacks\nagainst the HTTPS protocol are known, with the severity of the issue\ndepending on the safeguards used in the web application. Until the TLS\nprotocol and underlying libraries are adjusted to defend against this\nvulnerability, a partial, temporary workaround has been applied to Apache\nthat disables client initiated TLS renegotiation. This update does not\nprotect against server initiated TLS renegotiation when using\nSSLVerifyClient and SSLCipherSuite on a per Directory or Location basis. (CVE-2009-3555)\n\nIt was discovered that mod_proxy_ftp in Apache did not properly sanitize\nits input when processing replies to EPASV and PASV commands. An attacker\ncould use this to cause a denial of service in the Apache child process. \n(CVE-2009-3094)\n\nAnother flaw was discovered in mod_proxy_ftp. \n(CVE-2009-3095)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz\n Size/MD5: 130638 5d172b0ca228238e211940fad6b0935d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc\n Size/MD5: 1156 a6d575c4c0ef0ef9c4c77e7f6ddfb02d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb\n Size/MD5: 2125884 643115e9135b9bf626f3a65cfc5f2ed3\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 834492 818915da9848657833480b1ead6b4a12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229578 9086ac3033e0425ecd150b31b377ee76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 224594 85a4480344a072868758c466f6a98747\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 229128 446b52088b9744fb776e53155403a474\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 172850 17e4cd95ecb9d0390274fca9625c2e5e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 173636 b501407d01fa07e5807c28cd1db16cd7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 95454 a06ee30ec14b35003ebcb821624bc2af\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 37510 4c063b1b8d831ea8a02d5ec691995dec\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 287048 9cdc7502ebc526d4bc7df9b59a9d8925\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb\n Size/MD5: 145624 4b613a57da2ca57678e8c8f0c1628556\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 787870 67b1855dc984e5296ac9580e2a2f0a0c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 204122 edf40b0ff5c1824b2d6232da247ce480\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 200060 6267a56fcef78f6300372810ce36ea41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 203580 c487929bbf45b5a4dc3d035d86f7b3a0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 172876 bae257127c3d137e407a7db744f3d57a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 173660 9dd0e108ab4d3382799b29d901bf4502\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 93410 d5d602c75a28873f1cd7523857e0dd80\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 37508 22049e1ea8ea88259ff3f6e94482cfb3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 263066 43fa2ae3b43c4743c98c45ac22fb0250\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb\n Size/MD5: 133484 e70b7f81859cb92e0c50084e92216526\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 860622 6d386da8da90d363414846dbc7fa7f08\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 221470 8c207b379f7ba646c94759d3e9079dd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 217132 069cab77278b101c3c4a5b172f36ba9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 220968 2f6ba65769fc964eb6dfec8a842f7621\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 172874 89137c84b5a33f526daf3f8b4c047a7e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 173662 23e576721faccb4aef732cf98e2358d4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 105198 44f9e698567784555db7d7d971b9fce2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 37518 fe7caa2a3cf6d4227ac34692de30635e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 282644 ec0306c04778cf8c8edd622aabb0363c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb\n Size/MD5: 142730 d43356422176ca29440f3e0572678093\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 805078 0f1f6a9b04ad5ce4ea29fd0e44bf18a4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 211674 eb19532b9b759c806e9a95a4ffbfad9b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 207344 9e5770a4c94cbc4f9bc8cc11a6a038f1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 210948 6d1d2357cec5b88c1c2269e5c16724bc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 172882 d04dd123def1bc4cfbf2ac0095432eea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 173662 6be46bbb9e92224020da49d657cb4cd4\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 94510 9df6ae07a9218d6159b1eebde5d58606\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 37506 89856bb1433e67fb23c8d34423d3e0a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 269070 bf585dec777b0306cd80663c11b020df\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb\n Size/MD5: 131466 340eaf2d2c1f129c7676a152776cfcf3\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz\n Size/MD5: 141838 37d5c93b425758839cbef5afea5353a2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc\n Size/MD5: 1381 78c9a13cc2af0dbf3958a3fc98aeea84\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz\n Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 1929318 d4faaf64c2c0af807848ea171a4efa90\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 72920 065d63c19b22f0f7a8f7c28952b0b408\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 6258048 33c48a093bbb868ea108a50c051437cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb\n Size/MD5: 45850 07a9463a8e4fdf1a48766d5ad08b9a3c\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 253080 3c6467ee604002a5b8ebffff8554c568\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 248676 3c83ce9eb0a27f18b9c3a8c3e651cafa\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 252490 cf379a515d967d89d2009be9e06d4833\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 205592 af6cb62114d2e70bf859c32008a66433\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 206350 9c3d5ef8e55eee98cc3e75f2ed9ffaff\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 141660 958585d6391847cd5a618464054f7d37\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb\n Size/MD5: 803974 76d23bd94465a2f96711dc1c41b31af0\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 236060 ad4c00dc10b406cc312982b7113fa468\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 231580 07ae6a192e6c859e49d48f2b2158df40\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 235308 18a44bbffcebde8f2d66fe3a6bdbab6d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 205594 73ec71599d4c8a42a69ac3099b9d50cf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 206374 c1524e4fa8265e7eaac046b114b8c463\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 140644 379a125b8b5b51ff8033449755ab87b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb\n Size/MD5: 755574 9de96c8719740c2525e3c0cf7836d60b\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 235578 0265d4f6ccee2d7b5ee10cfff48fed08\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 231234 611499fb33808ecdd232e2c5350f6838\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 234738 d7757d2da2e542ce0fdad5994be1d8bd\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 205592 c10ac9eb401184c379b7993b6a62cde3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 206358 fc91c0159b096e744c42014e6e5f8909\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 141212 f87d5f443e5d8e1c3eda6f976b3ceb06\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb\n Size/MD5: 749716 86ae389b81b057288ff3c0b69ef68656\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 254134 4337f858972022fa196c9a1f9bb724fb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 249596 44a6e21ff8fa81d09dab19cab4caffdb\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 253698 f101a1709f21320716d4c9afb356f24f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 205604 3f4d4f6733257a7037e35101ef792352\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 206386 06402188459de8dab5279b5bfef768fa\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 158390 0acffbdb7e5602b434c4f2805f8dc4d0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb\n Size/MD5: 906022 28c3e8b63d123a4ca0632b3fed6720b5\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 237422 5651f53b09c0f36e1333c569980a0eb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 233152 1165607c64c57c84212b6b106254e885\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 236606 bbe00d0707c279a16eca35258dd8f13a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 205598 76afcd4085fa6f39055a5a3f1ef34a43\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 206372 5c67270e0a19d1558cf17cb21a114833\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 143838 28e9c3811feeac70b846279e82c23430\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb\n Size/MD5: 765398 92c5b054b80b6258a1c4caac8248a40a\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz\n Size/MD5: 137715 0e8a6128ff37a1c064d4ce881b5d3df9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc\n Size/MD5: 1788 5e3c3d53b68ea3053bcca3a5e19f5911\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5: 6396996 80d3754fc278338033296f0d41ef2c04\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 2041786 cd1e98fb2064bad51f7845f203a07d79\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 6538578 32e07db65f1e7b3002aedc3afce1748c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb\n Size/MD5: 45474 0f1b4fb499af61a596241bd4f0f4d35d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254968 f2004f847cc5cbc730599352ad1f7dc6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 249196 fb001fc4f192e9b8ae1bb7161925413c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 254360 419b942bad4cf4d959afcfa3ce4314e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 208524 0d87bf6acbf1ab5dc48c68debe7c0d26\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 84490 2a4df4b619debe549f48ac3e9e764305\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 82838 215665711684d5b5dd04cdfa23d36462\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 209550 496d387e315370c0cd83489db663a356\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 147762 48061b9015c78b39b7afd834f4c81ae0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb\n Size/MD5: 820242 3497441009bc9db76a87fd2447ba433c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 241376 488812d1a311fd67dafd5b18b6813920\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 236082 9256681808703f40e822c81b53f4ce3e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 240668 2b6b7c11a88ed5a280f603305bee880e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 208532 e0eccceba6cae5fb12f431ff0283a23e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 83922 ea5f69f36e344e493cce5d9c0bc69c46\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 82320 0d9b2f9afff4b9efe924b59e9bb039ea\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 209554 f4e53148ae30d5c4f060d455e4f11f95\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 146596 5ed6a4af9378bacfb7d4a034d9923915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb\n Size/MD5: 778564 ffd7752394933004094c13b00113b263\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 238358 4955c7d577496ea4f3573345fad028a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 232964 76aecf38baba17a8a968329b818ec74a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 237626 83f32bd08e2e206bbdb9f92cfb1a37e5\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 208528 6672fb116e108687669c89197732fbb0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 83870 b8f875f197017aec0fe8203c203065d7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 82296 d6724391ed540b351e2b660ba98af1ca\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 209550 263b43fb11c6d954d5a4bf7839e720a4\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 146282 a225b8d0f48e141eea28b2369d4595c0\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb\n Size/MD5: 766494 454c737e191429c43ad3f28c9e0294a0\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 261510 d3e1155682726cc28859156e647d97b3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 256082 e49d894a6e9ab612a3cbd2f189ca3d8d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 260850 bc3cd7677cd630ac00424e73a3a6b343\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 208542 ae1cc6b1323832528ad8f0e7130ec87d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 84558 68452b686e89320007e9c5367ce36345\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 82908 2b8c5fc4bdec1017735dc16eba41d0a6\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 209562 a8da7487e3dcd1bdff008956728b8dd3\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 161030 a5ffe07d5e3050c8a54c4fccd3732263\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb\n Size/MD5: 926240 8282583e86e84bd256959540f39a515d\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246720 e54b4b9b354001a910ec9027dc90b0d2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 241280 1eea25472875056e34cd2c3283c60171\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 246024 5709e7421814ecfb83fff5804d429971\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 208528 25cdfd0177da7e5484d3d44f93257863\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 84096 3ffbacffcc23ffc640a2ce05d35437bf\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 82470 17d1ca84f9455c492013f4f754a1d365\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 209546 696ef3652703523aea6208a4e51e48f1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 150932 44c89e0249c85eed09b6f3a6a23db59d\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb\n Size/MD5: 783902 773a80d7a85a452016da3b10b1f3ae43\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz\n Size/MD5: 141023 50d6737005a6d4fe601e223a39293f99\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc\n Size/MD5: 1795 59720f4d7ad291c986d92ec120750c3d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz\n Size/MD5: 6806786 03e0a99a5de0f3f568a0087fb9993af9\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 2219326 d29c903489b894ddf88b23a0fec23e5c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 46636 ee03585b00f277ed98c0de07a683317a\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb\n Size/MD5: 6948222 a3505a83c13cf36c86248079127dd84d\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 259028 5e9bddefad4c58c3ef9fd15d7a06988d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 253218 ee1bfbb759ffade3a52a6782e2f4b66d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 258414 8ef063026de9790bac1965427ce1b584\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 213294 09701d434bd102e4205e551b4525afd1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 214258 e98de48ea01e1132c5f1248a9a018745\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 151140 2f7c7f14b843b2c24de8c67356406449\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 826834 28abdf1c7be886e9be2825d351abaec7\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 87818 670c62615e107920c45893b3377ab2a0\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb\n Size/MD5: 86094 5a7c68fd37066287b4819cba4cfed1f2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 245538 952540b7679ebc8d3ffc953f32d3be0f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 240048 08a7fd4888ffd9188890e57c613c4be7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 244914 955bb5121da808d44aa994386d90723f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 213308 dd16143608ff8c41cb2d5cd27212a57e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 214280 1e1f5d6feef40413f823a19126a018e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 150046 0769d86d26282d1d31615050ae5b8915\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 784198 8760e9c37147d0472dbbfe941c058829\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 87182 21980cb1035d05f69b857870bbcbc085\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb\n Size/MD5: 85572 6a1b8a5e4cb19e815e88335757b06cf3\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 242386 859ad63822b7e82c81cd6dcaca088c4a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 236924 200538ce94218c9d8af8532636bfd40a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 241822 3a3183ea4ee77d2677919d3b698f92a1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 213286 bf81273b1db0a4a621085171c2b2b421\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 214264 ed278dab71289d2baae2ea409382fbf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 149758 75f6e2d7bd1cdfe5b1806062c3c859df\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 773424 c7cdc26051bd9443ae25b73776537fb5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 87132 32e7ea89c96a0afce7ce1da457d947fb\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb\n Size/MD5: 85550 1d9b5963aa6ea5c01492ec417ab8510a\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265476 5d03fe6b2da8de98c876941ff78b066f\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 260478 3e3aeaaf496cc86c62a831c59994c1f2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 265154 5eae30e7a33c09b37483f3aab595d0e9\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 213314 879534ebabbb8be86b606e1800dc9cf8\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 214286 922033231a6aa67ecca1c400d47f09c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 164444 74faf68f0baeffcd011155ca9b201039\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 932416 2911758e4ad1b3b401369621301ea76f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 87876 1d45c033ec5498c092f30188cf1d481e\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb\n Size/MD5: 86154 52c1d8806d52fef6f43ab53662953953\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250786 4e8e98dcba5543394ed5f07d141ce408\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 245094 a82bf04fc92b8c275b0c0f25cc81ff91\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 250110 092cf734813ae1d127d7b4f498f936c1\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 213312 98d7062a6bdb58637f7e850b76bfbc80\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 214286 a378e2e0418631cec0f398379a446172\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 154284 ce8b7bbccd359675b70426df15becfed\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 789298 11f088b18425b97367d5bc141da2ef2f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 87384 477b6594866c8c73a8a3603e7e646c68\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb\n Size/MD5: 85686 5562ea5a0e6f01ba12adda3afb65c1b0\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz\n Size/MD5: 185244 1ef59f9642bd9efa35e0808ea804cd0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc\n Size/MD5: 1888 d3bfdecefdd8b1adec8ab35dcf85d2b3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz\n Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2246560 be12bcc117bf165ffd3401486186762e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2336 009d381342b0be5280835a46c91f01d9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2374 7545a3750acea08e95bee86f6a3247e2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2314 17719223d92d46821098ce178b5947d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 284782 4321e3201d8e8d1a9e3c6fbe6864102b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 1424 7b4d96008368549d5600a8c1f64a7559\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb\n Size/MD5: 2366 46add3d428c97fa69a8848a3e4025bb0\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 137080 91e4f72d0f1f0abe91555e1497558fc2\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 138176 5fd6a5ed536306528f9f2c1a0281ad70\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 156646 cfa55666363303b3f44a24fa2929bf01\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 1399630 82b36d57faa29a646e72a1125600c11c\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 92488 ddebef9d1a537520380f85b63c512bef\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb\n Size/MD5: 90880 c6d163edf145da8ff6d102dc0dd1f8d7\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 137102 69dcd0519ca612e02102f52dcb50bf7f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 138200 17221b53903d664823a55faa1ec4d9a9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 155166 4347806710edff47fc051b4a68d5b448\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 1309136 d9a7df212b315fc6f77fc87fa8eb4a04\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 91876 289bf732dd4750a2ce61ab121b04b079\n http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb\n Size/MD5: 90316 add7f446f6b524343c0066a486dd299a\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 137088 571e9f0370b5687acff25f71c4efe33e\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 138192 816a6e033f02114553bbb3627b9c6f9c\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 155090 af8272dc794250c30cd2f66b82486dc2\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 1290606 4c51de07f5a6fe9612de45369e6f35a5\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 91830 06866386df811127f4fd71d6fb2a9e2a\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb\n Size/MD5: 90312 9e68bd8111503135a4eae7265b0084ae\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 137096 61b24dbeb12d7998e5d7014c26410a99\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 138202 599898ff374bde8bfa388e2615064c5a\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 161058 fea8f5b9a80bef9c4cb3405bc37160af\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 1390150 fb1a244728a509586b77d02930fcf10f\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 92400 572c3b0aa5ab717e8c4e4e8248aff1ff\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb\n Size/MD5: 90774 82011ebc757d31e690698cf9913e3adc\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 137098 7f566dfade1678c72eac7dd923ab5987\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 138202 09fbc3145d768cf1f204d47b50e21528\n http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 159488 7cb6c81588adaee162b8c85a1f69e7a7\n http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 1297936 106b0b71f5e928c1d543973b5b1f015b\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 92166 28899fe31226880dfa961d8b05e8fa43\n http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb\n Size/MD5: 90554 f207de0099ed259e2af736e8c82f91c2\n\n\n. Note\n that this security issue does not really apply as zlib compression\n is not enabled in the openssl build provided by Mandriva, but apache\n is patched to address this issue anyway (conserns 2008.1 only). \n \n Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the\n mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c\n in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,\n allows remote attackers to inject arbitrary web script or HTML via\n wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this\n security issue was initially addressed with MDVSA-2008:195 but the\n patch fixing the issue was added but not applied in 2009.0. \n \n The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not\n properly handle Options=IncludesNOEXEC in the AllowOverride directive,\n which allows local users to gain privileges by configuring (1) Options\n Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a\n .htaccess file, and then inserting an exec element in a .shtml file\n (CVE-2009-1195). \n \n The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy\n module in the Apache HTTP Server before 2.3.3, when a reverse proxy\n is configured, does not properly handle an amount of streamed data\n that exceeds the Content-Length value, which allows remote attackers\n to cause a denial of service (CPU consumption) via crafted requests\n (CVE-2009-1890). \n \n Fix a potential Denial-of-Service attack against mod_deflate or other\n modules, by forcing the server to consume CPU time in compressing a\n large file after a client disconnects (CVE-2009-1891). NOTE: as of 20090903,\n this disclosure has no actionable information. However, because the\n VulnDisco Pack author is a reliable researcher, the issue is being\n assigned a CVE identifier for tracking purposes (CVE-2009-3095). \n \n Apache is affected by SSL injection or man-in-the-middle attacks\n due to a design flaw in the SSL and/or TLS protocols. A short term\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\n these problems. Apache will now reject in-session renegotiation\n (CVE-2009-3555). \n \n Packages for 2008.0 are being provided due to extended support for\n Corporate products. \n \n This update provides a solution to these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n dd2bebdd6726d2d865331d37068a90b7 2008.0/i586/apache-base-2.2.6-8.3mdv2008.0.i586.rpm\n 6de9d36a91b125cc03bafe911b7a38a2 2008.0/i586/apache-devel-2.2.6-8.3mdv2008.0.i586.rpm\n ab7963efad1b7951c94a24075a2070e7 2008.0/i586/apache-htcacheclean-2.2.6-8.3mdv2008.0.i586.rpm\n 42a53b597d5547fb88b7427cacd617a1 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 1dff9d313e93c94e907d8c72348ed2e0 2008.0/i586/apache-mod_cache-2.2.6-8.3mdv2008.0.i586.rpm\n b575ede2978ad47e41d355bd8b192725 2008.0/i586/apache-mod_dav-2.2.6-8.3mdv2008.0.i586.rpm\n 8ff3dee24d2d2d9a8d13e567cf1eaced 2008.0/i586/apache-mod_dbd-2.2.6-8.3mdv2008.0.i586.rpm\n 7bae541dfec14b21700878514750de83 2008.0/i586/apache-mod_deflate-2.2.6-8.3mdv2008.0.i586.rpm\n 19cab766a26ce53bd7e7973ed92f0db4 2008.0/i586/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.i586.rpm\n a1336e4ab4f282c388d7565bde4557fd 2008.0/i586/apache-mod_file_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 6b2f2eb949977349390fa3b06cf257e7 2008.0/i586/apache-mod_ldap-2.2.6-8.3mdv2008.0.i586.rpm\n 3640bbef5262ec0407126e31dd5ddde3 2008.0/i586/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.i586.rpm\n 98793747365606baabc08f22e36a0a04 2008.0/i586/apache-mod_proxy-2.2.6-8.3mdv2008.0.i586.rpm\n d7fe4d88f25d2a01b0809ab5292b0999 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.i586.rpm\n 4c9f48adbd0b1d45a874f06b9275ebe3 2008.0/i586/apache-mod_ssl-2.2.6-8.3mdv2008.0.i586.rpm\n e5a1d9476316ccc9f183cb1ae5bbcf31 2008.0/i586/apache-modules-2.2.6-8.3mdv2008.0.i586.rpm\n 44f7810695a40519c68930695829f124 2008.0/i586/apache-mod_userdir-2.2.6-8.3mdv2008.0.i586.rpm\n d6f666e9954422664d1f029fc147b591 2008.0/i586/apache-mpm-event-2.2.6-8.3mdv2008.0.i586.rpm\n 75e205ddbc9313b8d02519e57919923a 2008.0/i586/apache-mpm-itk-2.2.6-8.3mdv2008.0.i586.rpm\n 6d68e8fa7baccc2ad090c703fb33458e 2008.0/i586/apache-mpm-prefork-2.2.6-8.3mdv2008.0.i586.rpm\n 331f18ce48403472fc7f8af6d5daee8e 2008.0/i586/apache-mpm-worker-2.2.6-8.3mdv2008.0.i586.rpm\n c75e69bcabc104938cb9033e591d1de8 2008.0/i586/apache-source-2.2.6-8.3mdv2008.0.i586.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 3d4afe3f8da8369d80b6c195e132c5c0 2008.0/x86_64/apache-base-2.2.6-8.3mdv2008.0.x86_64.rpm\n 37034ee7c7eb813de2a00a6945a10248 2008.0/x86_64/apache-devel-2.2.6-8.3mdv2008.0.x86_64.rpm\n ba296f9aa229a616a2c406d1a16912c3 2008.0/x86_64/apache-htcacheclean-2.2.6-8.3mdv2008.0.x86_64.rpm\n 77fa75d36e7a4bbe154c846e3271e7a3 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n ca29e2db08b29e319f2392b46ea4c3fe 2008.0/x86_64/apache-mod_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 3fbf5a0276adaa2d887a92482d81313f 2008.0/x86_64/apache-mod_dav-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9c66e471c2d2d3e43462302d0cc6f1c9 2008.0/x86_64/apache-mod_dbd-2.2.6-8.3mdv2008.0.x86_64.rpm\n 05020102a26a28b96319b23e3b6e43d6 2008.0/x86_64/apache-mod_deflate-2.2.6-8.3mdv2008.0.x86_64.rpm\n 7191542417b30ed77334f1b8366628aa 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n f4177dbdcfd2e3dc8e66be731ad731c4 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n fea417664f0a2689fa12308bd80c2fe4 2008.0/x86_64/apache-mod_ldap-2.2.6-8.3mdv2008.0.x86_64.rpm\n 9cf956fa426e6bdf6497337b6e26a2ab 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.3mdv2008.0.x86_64.rpm\n 0d9d04ca878bb3f19f4764152da42d82 2008.0/x86_64/apache-mod_proxy-2.2.6-8.3mdv2008.0.x86_64.rpm\n dbbcd75dd83779f54f98fa3e16b59f13 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.3mdv2008.0.x86_64.rpm\n dce8db6742ba28a71e18b86bb38688c8 2008.0/x86_64/apache-mod_ssl-2.2.6-8.3mdv2008.0.x86_64.rpm\n 2ff69d6e9c2cd3250f6746d4a7d921fd 2008.0/x86_64/apache-modules-2.2.6-8.3mdv2008.0.x86_64.rpm\n f298827d4dfa631a77907f7f5733fa29 2008.0/x86_64/apache-mod_userdir-2.2.6-8.3mdv2008.0.x86_64.rpm\n 6f02fb080e308ca0826fdb1ef00a1489 2008.0/x86_64/apache-mpm-event-2.2.6-8.3mdv2008.0.x86_64.rpm\n b886d30d73c60a515b3ed36d7f186378 2008.0/x86_64/apache-mpm-itk-2.2.6-8.3mdv2008.0.x86_64.rpm\n 62d7754a5aa7af596cc06cd540d4025f 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.3mdv2008.0.x86_64.rpm\n d3438e0967978e580be896bd85f1d953 2008.0/x86_64/apache-mpm-worker-2.2.6-8.3mdv2008.0.x86_64.rpm\n e72af335ec7c3c02b5a494fbd6e99e0e 2008.0/x86_64/apache-source-2.2.6-8.3mdv2008.0.x86_64.rpm \n 23fcdf29e21b0146fb5646baca2fa63b 2008.0/SRPMS/apache-2.2.6-8.3mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHQcamqjQ0CJFipgRAsJgAKDf5oc5UbEz3j+qsMn3tL6F8cujygCfY+cu\nMUj4lK2Wsb+qzbv2V+Ih30U=\n=VdZS\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1934-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nNovember 16, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : multiple issues\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2009-3094 CVE-2009-3095 CVE-2009-3555\n\n\nA design flaw has been found in the TLS and SSL protocol that allows\nan attacker to inject arbitrary content at the beginning of a TLS/SSL\nconnection. The attack is related to the way how TLS and SSL handle\nsession renegotiations. CVE-2009-3555 has been assigned to this\nvulnerability. \n\nAs a partial mitigation against this attack, this apache2 update\ndisables client-initiated renegotiations. This should fix the\nvulnerability for the majority of Apache configurations in use. \n\nNOTE: This is not a complete fix for the problem. The attack is\nstill possible in configurations where the server initiates the\nrenegotiation. This is the case for the following configurations\n(the information in the changelog of the updated packages is\nslightly inaccurate):\n\n- - The \"SSLVerifyClient\" directive is used in a Directory or Location\n context. \n- - The \"SSLCipherSuite\" directive is used in a Directory or Location\n context. \n\nAs a workaround, you may rearrange your configuration in a way that\nSSLVerifyClient and SSLCipherSuite are only used on the server or\nvirtual host level. \n\nA complete fix for the problem will require a protocol change. Further\ninformation will be included in a separate announcement about this\nissue. \n\n\nIn addition, this update fixes the following issues in Apache\u0027s\nmod_proxy_ftp:\n\nCVE-2009-3094: Insufficient input validation in the mod_proxy_ftp\nmodule allowed remote FTP servers to cause a denial of service (NULL\npointer dereference and child process crash) via a malformed reply to\nan EPSV command. \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny6. This version also includes some non-security\nbug fixes that were scheduled for inclusion in the next stable point\nrelease (Debian 5.0.4). \n\nThe oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch11. \n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.14-2. \n\nThis advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages. \n\nUpdated apache2-mpm-itk packages for the armel architecture are not\nincluded yet. They will be released as soon as they become available. \n\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk packages. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch (oldstable)\n- -------------------------------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc\n Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz\n Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb\n Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb\n Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb\n Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb\n Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb\n Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb\n Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb\n Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb\n Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb\n Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb\n Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb\n Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb\n Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb\n Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb\n Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb\n Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb\n Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb\n Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb\n Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb\n Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb\n Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb\n Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb\n Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb\n Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874\n\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz\n Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc\n Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz\n Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870\n http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d\n http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb\n Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb\n Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb\n Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb\n Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb\n Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb\n Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb\n Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb\n Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb\n Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb\n Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb\n Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb\n Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb\n Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb\n Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb\n Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb\n Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb\n Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb\n Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb\n Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb\n Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb\n Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb\n Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d\n http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125\n http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb\n Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129\n http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f\n http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f\n http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728\n http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c\n http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb\n Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e\n\n\n These files will probably be moved into the stable distribution on\n its next update. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02002308\nVersion: 1\n\nHPSBOV02506 SSRT090244 rev.1 - HP Secure Web Server for OpenVMS (based on Apache) CSWS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-03-23\nLast Updated: 2010-03-23\n\nPotential Security Impact: Remote Denial of Service (DoS), unauthorized disclosure of information, unauthorized modification of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple security vulnerabilities have been identified with the HP Secure Web Server for OpenVMS (based on Apache) CSWS. The vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS), unauthorized disclosure of information, or unauthorized modification of information. \n\nReferences: CVE-2009-3094, CVE-2009-3095\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3094 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4\nCVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following patch kits available to resolve the vulnerability. \nPatch kit installation instructions are provided in the file SSRT090244 Apache CVE-2009-3094, CVE-2009-3095.txt . \nThe patch kits and installation instructions are available from the following location using ftp:\n\n Host Account Password\n ftp.usa.hp.com ewt01 Welcome1\n\nCSWS version 2.1-1 patch kits are available for both ALPHA and ITANIUM platforms. \n\nItanium Images\n mod_proxy.exe_ia64\n mod_proxy_ftp.exe_ia64\n\nAlpha Images\n mod_proxy.exe_axp\n mod_proxy_ftp.exe_axp\n\nThe patch images will be provided in the next regularly scheduled update of CSWS 2.1-1. \n\nPRODUCT SPECIFIC INFORMATION\nNone\n\nHISTORY\nVersion:1 (rev.1) - 23 March 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkupHKUACgkQ4B86/C0qfVkQwQCePmzcNikMnO+Yl0XoAxIJisjF\nMyoAnAnFiY2qnDFOkjlYCdjtLd3YBIeZ\n=Ag54\n-----END PGP SIGNATURE-----\n. \n\nBAC v8.07 supplies Apache 2.2.17. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3095"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "BID",
"id": "36254"
},
{
"db": "VULHUB",
"id": "VHN-40541"
},
{
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "111587"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-3095",
"trust": 4.1
},
{
"db": "SECUNIA",
"id": "37152",
"trust": 1.8
},
{
"db": "BID",
"id": "36254",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-2172",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-87714",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-40541",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-3095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82799",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83521",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82647",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "81540",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "87839",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111587",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "VULHUB",
"id": "VHN-40541"
},
{
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"db": "BID",
"id": "36254"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "111587"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"id": "VAR-200909-0399",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "VULHUB",
"id": "VHN-40541"
}
],
"trust": 0.8720307949999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
}
]
},
"last_update_date": "2026-03-09T23:22:15.623000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache httpd 2.0.64",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
},
{
"title": "Fixed in Apache httpd 2.2.14",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"title": "HT4077",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4077"
},
{
"title": "HT4077",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4077?viewlocale=ja_JP"
},
{
"title": "httpd-2.2.3-31.2.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=774"
},
{
"title": "HPUXWSATW313",
"trust": 0.8,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313"
},
{
"title": "HPSBUX02531",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02160663"
},
{
"title": "PM10658",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658"
},
{
"title": "7007033",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
},
{
"title": "7006876",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60239"
},
{
"title": "7007951",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
},
{
"title": "PK96858",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858\u0026loc=en_US"
},
{
"title": "7008517",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
},
{
"title": "1819",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1819"
},
{
"title": "1820",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1820"
},
{
"title": "RHSA-2009:1579",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1579.html"
},
{
"title": "RHSA-2009:1580",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2009-1580.html"
},
{
"title": "multiple_vulnerabilities_in_the_apache",
"trust": 0.8,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"title": "TLSA-2009-30",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2009/TLSA-2009-30j.txt"
},
{
"title": "RHSA-2009:1579",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1579J.html"
},
{
"title": "RHSA-2009:1580 ",
"trust": 0.8,
"url": "https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1580J.html"
},
{
"title": "interstage_as_201007",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201007.html"
},
{
"title": "Patch for Apache mod_proxy_ftp remote command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/290406"
},
{
"title": "Red Hat: Moderate: httpd and httpd22 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100011 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2009-3094, CVE-2009-3095: mod_proxy_ftp DoS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=a36c9e7334a243cf3d9e15331467e21c"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-860-1"
},
{
"title": "Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a134c3483f034e2df5ced5ad7428ec"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2009-3095 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40541"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4077"
},
{
"trust": 1.8,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"trust": 1.8,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 1.8,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.8,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.8,
"url": "http://intevydis.com/vd-list.shtml"
},
{
"trust": 1.8,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8662"
},
{
"trust": 1.8,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9363"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/37152"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=126998684522511\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=133355494609819\u0026w=2"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=127557640302499\u0026w=2"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3095"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3095"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/36254"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3094"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs."
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.14"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://intevydis.com/company.shtml"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100074555"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100071565"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03236227"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02002308"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96858"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201007e.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3094"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=133355494609819\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=126998684522511\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127557640302499\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2009-3095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2010:0011"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/860-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=19087"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.diff.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.11-2ubuntu2.5.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.9_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.9-7ubuntu3.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.9-7ubuntu3.5.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.9_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.9_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.11-2ubuntu2.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.14_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-suexec-custom_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.14_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.9-7ubuntu3.5_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.9_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.14_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.9-7ubuntu3.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.9-7ubuntu3.5_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.11-2ubuntu2.5_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.11-2ubuntu2.5_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-src_2.2.11-2ubuntu2.5_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.14_amd64.deb"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1195"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1890"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1195"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1191"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2699"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "VULHUB",
"id": "VHN-40541"
},
{
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"db": "BID",
"id": "36254"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "111587"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "VULHUB",
"id": "VHN-40541"
},
{
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"db": "BID",
"id": "36254"
},
{
"db": "PACKETSTORM",
"id": "82799"
},
{
"db": "PACKETSTORM",
"id": "83521"
},
{
"db": "PACKETSTORM",
"id": "82647"
},
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "PACKETSTORM",
"id": "87839"
},
{
"db": "PACKETSTORM",
"id": "111587"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"date": "2009-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-40541"
},
{
"date": "2009-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"date": "2009-09-03T00:00:00",
"db": "BID",
"id": "36254"
},
{
"date": "2009-11-19T18:46:00",
"db": "PACKETSTORM",
"id": "82799"
},
{
"date": "2009-12-07T21:57:59",
"db": "PACKETSTORM",
"id": "83521"
},
{
"date": "2009-11-16T23:36:55",
"db": "PACKETSTORM",
"id": "82647"
},
{
"date": "2009-09-22T21:58:35",
"db": "PACKETSTORM",
"id": "81540"
},
{
"date": "2010-03-31T15:49:00",
"db": "PACKETSTORM",
"id": "87839"
},
{
"date": "2012-04-05T00:55:15",
"db": "PACKETSTORM",
"id": "111587"
},
{
"date": "2009-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"date": "2009-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"date": "2009-09-08T18:30:00.670000",
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"date": "2020-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-40541"
},
{
"date": "2022-09-19T00:00:00",
"db": "VULMON",
"id": "CVE-2009-3095"
},
{
"date": "2015-04-13T22:01:00",
"db": "BID",
"id": "36254"
},
{
"date": "2021-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-108"
},
{
"date": "2010-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002188"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "81540"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache mod_proxy_ftp remote command injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-2172"
},
{
"db": "BID",
"id": "36254"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-108"
}
],
"trust": 0.6
}
}
VAR-201707-1241
Vulnerability from variot - Updated: 2026-03-09 23:18In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. Attackers can exploit this issue to cause to obtain sensitive information or cause denial-of-service conditions. Versions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. An httpd module using this API function could consequently allow access that should have been denied. JIRA issues fixed (https://issues.jboss.org/):
JBCS-329 - Unable to load large CRL openssl problem JBCS-336 - Errata for httpd 2.4.23 SP2 RHEL 7
- ========================================================================== Ubuntu Security Notice USN-3370-1 July 27, 2017
apache2 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Apache HTTP Server could be made to crash or leak sensitive information if it received specially crafted network traffic.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: apache2-bin 2.4.25-3ubuntu2.2
Ubuntu 16.04 LTS: apache2-bin 2.4.18-2ubuntu3.4
Ubuntu 14.04 LTS: apache2-bin 2.4.7-1ubuntu4.17
In general, a standard system update will make all the necessary changes.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The updates are documented in the Release Notes document linked to in the References.
This release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a update for Red Hat JBoss Web Server 2, and includes bug fixes, which are documented in the Release Notes document linked to in the References. (CVE-2017-9788)
-
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615)
-
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12617)
-
A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)
-
A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. (CVE-2017-9798)
Red Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno BAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan Bhargavan (Inria) and GaA<<tan Leurent (Inria) as the original reporters of CVE-2016-2183.
Bug Fix(es):
-
Corruption in nodestatsmem in multiple core dumps but in different functions of each core dump. (BZ#1338640)
-
mod_cluster segfaults in process_info() due to wrongly generated assembler instruction movslq (BZ#1448709)
-
CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)
-
Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest 1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) 1493075 - Unable to load large CRL openssl problem 1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload 1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615
-
Gentoo Linux Security Advisory GLSA 201710-32
https://security.gentoo.org/
Severity: Normal Title: Apache: Multiple vulnerabilities Date: October 29, 2017 Bugs: #622240, #624868, #631308 ID: 201710-32
Synopsis
Multiple vulnerabilities have been found in Apache, the worst of which may result in the loss of secrets.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.4.27-r1 >= 2.4.27-r1
Description
Multiple vulnerabilities have been discovered in Apache. Please review the referenced CVE identifiers for details.
Impact
The Optionsbleed vulnerability can leak arbitrary memory from the server process that may contain secrets.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.27-r1"
References
[ 1 ] CVE-2017-3167 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167 [ 2 ] CVE-2017-3169 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169 [ 3 ] CVE-2017-7659 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659 [ 4 ] CVE-2017-7668 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668 [ 5 ] CVE-2017-7679 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679 [ 6 ] CVE-2017-9788 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788 [ 7 ] CVE-2017-9789 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789 [ 8 ] CVE-2017-9798 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-32
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2017:2478-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2478 Issue date: 2017-08-15 CVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 CVE-2017-9788 =====================================================================
- Summary:
An update for httpd is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
Security Fix(es):
-
It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)
-
It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)
-
A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)
-
A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash. (CVE-2017-7679)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference 1463207 - CVE-2017-7679 httpd: mod_mime buffer overread 1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
ppc64: httpd-2.2.15-60.el6_9.5.ppc64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm httpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm httpd-devel-2.2.15-60.el6_9.5.ppc.rpm httpd-devel-2.2.15-60.el6_9.5.ppc64.rpm httpd-tools-2.2.15-60.el6_9.5.ppc64.rpm mod_ssl-2.2.15-60.el6_9.5.ppc64.rpm
s390x: httpd-2.2.15-60.el6_9.5.s390x.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm httpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm httpd-devel-2.2.15-60.el6_9.5.s390.rpm httpd-devel-2.2.15-60.el6_9.5.s390x.rpm httpd-tools-2.2.15-60.el6_9.5.s390x.rpm mod_ssl-2.2.15-60.el6_9.5.s390x.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd-2.2.15-60.el6_9.5.src.rpm
i386: httpd-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-tools-2.2.15-60.el6_9.5.i686.rpm mod_ssl-2.2.15-60.el6_9.5.i686.rpm
noarch: httpd-manual-2.2.15-60.el6_9.5.noarch.rpm
x86_64: httpd-2.2.15-60.el6_9.5.x86_64.rpm httpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm httpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm httpd-devel-2.2.15-60.el6_9.5.i686.rpm httpd-devel-2.2.15-60.el6_9.5.x86_64.rpm httpd-tools-2.2.15-60.el6_9.5.x86_64.rpm mod_ssl-2.2.15-60.el6_9.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-3167 https://access.redhat.com/security/cve/CVE-2017-3169 https://access.redhat.com/security/cve/CVE-2017-7679 https://access.redhat.com/security/cve/CVE-2017-9788 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8 Jxb2g1bdehw6Jjq0qF13AEM= =ZvYI -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-1241",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.26"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.13.1"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.33"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0.0"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "storage automation store",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.4.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.10"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.6"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.9"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.32"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.4.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.26"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.25"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.20"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.19"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.17"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.16"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.33"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.26"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.25"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.24"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.23"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.9"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.8"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.7"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.6"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.3"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.24"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.2"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.13"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.1"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.0"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.32"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.29"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.22"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.21"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.20"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.19"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.18"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.17"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.16"
},
{
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.34"
},
{
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.27"
}
],
"sources": [
{
"db": "BID",
"id": "99569"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Swiecki",
"sources": [
{
"db": "BID",
"id": "99569"
},
{
"db": "PACKETSTORM",
"id": "143358"
}
],
"trust": 0.4
},
"cve": "CVE-2017-9788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9788",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-117991",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9788",
"impactScore": 5.2,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9788",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-931",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117991",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-9788",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117991"
},
{
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type \u0027Digest\u0027 was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no \u0027=\u0027 assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. Apache HTTP Server is prone to a memory-corruption vulnerability. \nAttackers can exploit this issue to cause to obtain sensitive information or cause denial-of-service conditions. \nVersions prior to Apache httpd 2.2.34 and 2.4.27 are vulnerable. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. An httpd module using\nthis API function could consequently allow access that should have been\ndenied. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-329 - Unable to load large CRL openssl problem\nJBCS-336 - Errata for httpd 2.4.23 SP2 RHEL 7\n\n7. ==========================================================================\nUbuntu Security Notice USN-3370-1\nJuly 27, 2017\n\napache2 vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 17.04\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nApache HTTP Server could be made to crash or leak sensitive information if\nit received specially crafted network traffic. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 17.04:\n apache2-bin 2.4.25-3ubuntu2.2\n\nUbuntu 16.04 LTS:\n apache2-bin 2.4.18-2ubuntu3.4\n\nUbuntu 14.04 LTS:\n apache2-bin 2.4.7-1ubuntu4.17\n\nIn general, a standard system update will make all the necessary changes. \n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The updates are documented in the Release Notes\ndocument linked to in the References. \n\nThis release of Red Hat JBoss Web Server 2.1.2 Service Pack 2 serves as a\nupdate for Red Hat JBoss Web Server 2, and includes bug fixes, which are\ndocumented in the Release Notes document linked to in the References. \n(CVE-2017-9788)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12615)\n\n* A vulnerability was discovered in Tomcat where if a servlet context was\nconfigured with readonly=false and HTTP PUT requests were allowed, an\nattacker could upload a JSP file to that context and achieve code\nexecution. (CVE-2017-12617)\n\n* A flaw was found in the way the DES/3DES cipher was used as part of the\nTLS/SSL protocol. A man-in-the-middle attacker could use this flaw to\nrecover some plaintext data by capturing large amounts of encrypted traffic\nbetween TLS/SSL server and client if the communication used a DES/3DES\nbased ciphersuite. (CVE-2016-2183)\n\n* A use-after-free flaw was found in the way httpd handled invalid and\npreviously unregistered HTTP methods specified in the Limit directive used\nin an .htaccess file. (CVE-2017-9798)\n\nRed Hat would like to thank OpenVPN for reporting CVE-2016-2183 and Hanno\nBAPck for reporting CVE-2017-9798. Upstream acknowledges Karthikeyan\nBhargavan (Inria) and GaA\u003c\u003ctan Leurent (Inria) as the original reporters of\nCVE-2016-2183. \n\nBug Fix(es):\n\n* Corruption in nodestatsmem in multiple core dumps but in different\nfunctions of each core dump. (BZ#1338640)\n\n* mod_cluster segfaults in process_info() due to wrongly generated\nassembler instruction movslq (BZ#1448709)\n\n* CRL checking of very large CRLs fails with OpenSSL 1.0.2 (BZ#1493075)\n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1369383 - CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n1490344 - CVE-2017-9798 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed)\n1493075 - Unable to load large CRL openssl problem\n1493220 - CVE-2017-12615 tomcat: Remote Code Execution via JSP Upload\n1494283 - CVE-2017-12617 tomcat: Remote Code Execution bypass for CVE-2017-12615\n\n6. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201710-32\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache: Multiple vulnerabilities\n Date: October 29, 2017\n Bugs: #622240, #624868, #631308\n ID: 201710-32\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Apache, the worst of which\nmay result in the loss of secrets. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.4.27-r1 \u003e= 2.4.27-r1 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache. Please review\nthe referenced CVE identifiers for details. \n\nImpact\n======\n\nThe Optionsbleed vulnerability can leak arbitrary memory from the\nserver process that may contain secrets. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.27-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-3167\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3167\n[ 2 ] CVE-2017-3169\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3169\n[ 3 ] CVE-2017-7659\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7659\n[ 4 ] CVE-2017-7668\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7668\n[ 5 ] CVE-2017-7679\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7679\n[ 6 ] CVE-2017-9788\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9788\n[ 7 ] CVE-2017-9789\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9789\n[ 8 ] CVE-2017-9798\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-32\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2017:2478-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2478\nIssue date: 2017-08-15\nCVE Names: CVE-2017-3167 CVE-2017-3169 CVE-2017-7679 \n CVE-2017-9788 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* It was discovered that the httpd\u0027s mod_auth_digest module did not\nproperly initialize memory before using it when processing certain headers\nrelated to digest authentication. A remote attacker could possibly use this\nflaw to disclose potentially sensitive information or cause httpd child\nprocess to crash by sending specially crafted requests to a server. \n(CVE-2017-9788)\n\n* It was discovered that the use of httpd\u0027s ap_get_basic_auth_pw() API\nfunction outside of the authentication phase could lead to authentication\nbypass. A remote attacker could possibly use this flaw to bypass required\nauthentication if the API was used incorrectly by one of the modules used\nby httpd. (CVE-2017-3167)\n\n* A NULL pointer dereference flaw was found in the httpd\u0027s mod_ssl module. \nA remote attacker could use this flaw to cause an httpd child process to\ncrash if another module used by httpd called a certain API function during\nthe processing of an HTTPS request. (CVE-2017-3169)\n\n* A buffer over-read flaw was found in the httpd\u0027s mod_mime module. A user\npermitted to modify httpd\u0027s MIME configuration could use this flaw to cause\nhttpd child process to crash. (CVE-2017-7679)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass\n1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference\n1463207 - CVE-2017-7679 httpd: mod_mime buffer overread\n1470748 - CVE-2017-9788 httpd: Uninitialized memory reflection in mod_auth_digest\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nppc64:\nhttpd-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.ppc.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.ppc.rpm\nhttpd-devel-2.2.15-60.el6_9.5.ppc64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.ppc64.rpm\nmod_ssl-2.2.15-60.el6_9.5.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.s390.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-devel-2.2.15-60.el6_9.5.s390.rpm\nhttpd-devel-2.2.15-60.el6_9.5.s390x.rpm\nhttpd-tools-2.2.15-60.el6_9.5.s390x.rpm\nmod_ssl-2.2.15-60.el6_9.5.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd-2.2.15-60.el6_9.5.src.rpm\n\ni386:\nhttpd-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-tools-2.2.15-60.el6_9.5.i686.rpm\nmod_ssl-2.2.15-60.el6_9.5.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-60.el6_9.5.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.i686.rpm\nhttpd-debuginfo-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-devel-2.2.15-60.el6_9.5.i686.rpm\nhttpd-devel-2.2.15-60.el6_9.5.x86_64.rpm\nhttpd-tools-2.2.15-60.el6_9.5.x86_64.rpm\nmod_ssl-2.2.15-60.el6_9.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-3167\nhttps://access.redhat.com/security/cve/CVE-2017-3169\nhttps://access.redhat.com/security/cve/CVE-2017-7679\nhttps://access.redhat.com/security/cve/CVE-2017-9788\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZkzq3XlSAg2UNWIIRAjxIAJ9JoJcSMguc2VTpgJl2P5BGoM2IrACfXd/8\nJxb2g1bdehw6Jjq0qF13AEM=\n=ZvYI\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9788"
},
{
"db": "BID",
"id": "99569"
},
{
"db": "VULHUB",
"id": "VHN-117991"
},
{
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"db": "PACKETSTORM",
"id": "143358"
},
{
"db": "PACKETSTORM",
"id": "144136"
},
{
"db": "PACKETSTORM",
"id": "143534"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "144791"
},
{
"db": "PACKETSTORM",
"id": "143766"
},
{
"db": "PACKETSTORM",
"id": "144968"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9788",
"trust": 2.8
},
{
"db": "BID",
"id": "99569",
"trust": 2.0
},
{
"db": "TENABLE",
"id": "TNS-2019-09",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1038906",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "143358",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143534",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "143615",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-117991",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-9788",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144136",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144869",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144791",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143766",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144968",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117991"
},
{
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"db": "BID",
"id": "99569"
},
{
"db": "PACKETSTORM",
"id": "143358"
},
{
"db": "PACKETSTORM",
"id": "144136"
},
{
"db": "PACKETSTORM",
"id": "143534"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "144791"
},
{
"db": "PACKETSTORM",
"id": "143766"
},
{
"db": "PACKETSTORM",
"id": "144968"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"id": "VAR-201707-1241",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-117991"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T23:18:28.982000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89486"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172710 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172709 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3370-2"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20172708 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-3913-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9fddec113878a445ed8009b9b095457"
},
{
"title": "Debian CVElist Bug Report Logs: apache2: CVE-2017-9788",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5acf2d8c1512b0afa80a30a349e7a2c3"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3370-1"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173240 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173194 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173239 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173193 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173195 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173113 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20173114 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201707-15] apache: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201707-15"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-9788"
},
{
"title": "Amazon Linux AMI: ALAS-2017-892",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-892"
},
{
"title": "Symantec Security Advisories: Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=d2f801f4ee4b743c8db2cea35625dd16"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a22ad41e97bbfc5abb0bb927bf43089c"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2019-09"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=549dc795290b298746065b62b4bb7928"
},
{
"title": "MITRE_NIST",
"trust": 0.1,
"url": "https://github.com/ColumbusCollaboratory/MITRE_NIST "
},
{
"title": "tab_pie_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/CredenceID/tab_pie_external_honggfuzz "
},
{
"title": "platform_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/DennissimOS/platform_external_honggfuzz "
},
{
"title": "nrich",
"trust": 0.1,
"url": "https://github.com/retr0-13/nrich "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/RoseSecurity-Research/Red-Teaming-TTPs "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/khadas/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/bananadroid/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/random-aosp-stuff/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/TheXPerienceProject/android_external_honggfuzz "
},
{
"title": "honggfuzz_READ",
"trust": 0.1,
"url": "https://github.com/imbaya2466/honggfuzz_READ "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/ForkLineageOS/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Wave-Project/external_honggfuzz "
},
{
"title": "Red-Teaming-TTPs",
"trust": 0.1,
"url": "https://github.com/RoseSecurity/Red-Teaming-TTPs "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/swordphoenix/external_honggfuzz "
},
{
"title": "platform_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/crdroid-r/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/yaap/external_honggfuzz "
},
{
"title": "Shodan-nrich",
"trust": 0.1,
"url": "https://github.com/PawanKumarPandit/Shodan-nrich "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerEdgeR-Android/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Corvus-R/android_external_honggfuzz "
},
{
"title": "external-honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerBoard2-Android/external-honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Ozone-OS/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/StatiXOS/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/crdroidandroid/android_external_honggfuzz "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/aosp10-public/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/CAF-Extended/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/jingpad-bsp/android_external_honggfuzz "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/TinkerBoard-Android/rockchip-android-external-honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/Project-1CE/external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/ProtonAOSP/android_external_honggfuzz "
},
{
"title": "android_external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/ProtonAOSP-platina/android_external_honggfuzz "
},
{
"title": "external-honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerBoard-Android/external-honggfuzz "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Tomoms/android_external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/TinkerBoard2-Android/external_honggfuzz "
},
{
"title": "external_honggfuzz",
"trust": 0.1,
"url": "https://github.com/HavocR/external_honggfuzz "
},
{
"title": "lllnx",
"trust": 0.1,
"url": "https://github.com/lllnx/lllnx "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ep-infosec/50_google_honggfuzz "
},
{
"title": "TEC-MBSD2017",
"trust": 0.1,
"url": "https://github.com/keloud/TEC-MBSD2017 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117991"
},
{
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99569"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2017/dsa-3913"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2478"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2709"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:3113"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:3194"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20170911-0002/"
},
{
"trust": 1.7,
"url": "https://support.apple.com/ht208221"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2019-09"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2479"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2483"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2708"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:2710"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3114"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3193"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3195"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3239"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:3240"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038906"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbux03908en_us"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3cannounce.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9788"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-9788"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "https://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748"
},
{
"trust": 0.3,
"url": "http://seclists.org/oss-sec/2017/q3/127"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7679"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3169"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3167"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2183"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-2183"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-9798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7668"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3169"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-7679"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2017-3167"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbux03908en_us"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3cannounce.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://httpd.apache.org/security_report.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3185"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3370-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.25-3ubuntu2.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.7-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-12615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/3227901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7668"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3167"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7679"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-7659"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-3169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-9788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-9789"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7668"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117991"
},
{
"db": "BID",
"id": "99569"
},
{
"db": "PACKETSTORM",
"id": "143358"
},
{
"db": "PACKETSTORM",
"id": "144136"
},
{
"db": "PACKETSTORM",
"id": "143534"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "144791"
},
{
"db": "PACKETSTORM",
"id": "143766"
},
{
"db": "PACKETSTORM",
"id": "144968"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-117991"
},
{
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"db": "BID",
"id": "99569"
},
{
"db": "PACKETSTORM",
"id": "143358"
},
{
"db": "PACKETSTORM",
"id": "144136"
},
{
"db": "PACKETSTORM",
"id": "143534"
},
{
"db": "PACKETSTORM",
"id": "144869"
},
{
"db": "PACKETSTORM",
"id": "144791"
},
{
"db": "PACKETSTORM",
"id": "143766"
},
{
"db": "PACKETSTORM",
"id": "144968"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-117991"
},
{
"date": "2017-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"date": "2017-07-11T00:00:00",
"db": "BID",
"id": "99569"
},
{
"date": "2017-07-13T04:44:44",
"db": "PACKETSTORM",
"id": "143358"
},
{
"date": "2017-09-14T19:50:57",
"db": "PACKETSTORM",
"id": "144136"
},
{
"date": "2017-07-27T19:32:22",
"db": "PACKETSTORM",
"id": "143534"
},
{
"date": "2017-11-02T23:50:49",
"db": "PACKETSTORM",
"id": "144869"
},
{
"date": "2017-10-30T15:38:41",
"db": "PACKETSTORM",
"id": "144791"
},
{
"date": "2017-08-15T22:24:00",
"db": "PACKETSTORM",
"id": "143766"
},
{
"date": "2017-11-14T04:32:05",
"db": "PACKETSTORM",
"id": "144968"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"date": "2017-07-13T16:29:00.227000",
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-117991"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9788"
},
{
"date": "2017-08-16T08:10:00",
"db": "BID",
"id": "99569"
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-931"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "143534"
},
{
"db": "PACKETSTORM",
"id": "143766"
},
{
"db": "PACKETSTORM",
"id": "144968"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache httpd Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-931"
}
],
"trust": 0.6
}
}
VAR-201208-0141
Vulnerability from variot - Updated: 2026-03-09 23:02Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Apache HTTP Server is prone to an HTML-injection vulnerability and an information disclosure vulnerability. Attackers may leverage these issues to obtain potentially sensitive session information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
Problem Description:
Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD):
Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs.
Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled (CVE-2012-2687).
Update:
Packages for Mandriva Linux 2011 is also being provided. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFQaa9/mqjQ0CJFipgRAhruAJ9EC4FWiuzvbIXRyxeJEa6ifXWfngCfdzew 7eKtlYj6mMOMjJJ0oekKwnQ= =t10D -----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Hitachi Multiple Products Apache HTTP Server Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID: SA51458
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51458/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51458
RELEASE DATE: 2012-11-30
DISCUSS ADVISORY: http://secunia.com/advisories/51458/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51458/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51458
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged some vulnerabilities in multiple Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information see vulnerability #2 in: SA50363
See the vendor's advisory for a list of affected products and versions.
SOLUTION: As a workaround the vendor recommends to disable the mod_negotiation module or remove "MultiViews" from the "Options" lines in the Directory specifications.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS12-028/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03734195
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03734195 Version: 1
HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-04-15 Last Updated: 2013-04-12
Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities.
References: HP-UX Apache: CVE-2007-6750, CVE-2012-2687, CVE-2012-3499, CVE-2012-4557, CVE-2012 -4558, CVE-2012-4929 Tomcat v6.0 and v7.0: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.25 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-2687 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2012-2733 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-3499 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-3546 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-4431 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-4534 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-4557 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-4558 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-4929 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability. The update for B.11.23 and B.11.31 is available for download from ftp://sb_02866:6hq{PM6a@ftp.usa.hp.com
Web Server Suite Version Apache Depot Name
HP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat B.5.5.36.01 HP-UX_11.23_HPUXWS22ATW-B326-11-23-64.depot
HP-UX_11.23_HPUXWS22ATW-B326-11-23-32.depot
HP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat C.6.0.36.01 HP-UX_11.31_HPUXWS22ATW-B326-11-31-64.depot
HP-UX_11.31_HPUXWS22ATW-B326-11-31-32.depot
Tomcat D.7.035.01 HP-UX_11.31_hpuxws22Tomcat_D.7.0.35.01_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.26 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.15.15 or subsequent
HP-UX B.11.31
hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.36.01 or subsequent
HP-UX B.11.31
hpuxws22TOMCAT.TOMCAT action: install revision D.7.0.35.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 April 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Relevant releases/architectures:
JBoss Enterprise Application Platform 6 for RHEL 5 Server - i386, noarch, x86_64
- Description:
JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/knowledge/docs/
This update removes unused signed JARs; unused SHA1 checksums from JAR MANIFEST.MF files to reduce the Server memory footprint; adds MANIFEST.MF to JAR files where it was previously missing; and removes redundant Javadoc files from the main packages. (BZ#853551)
Security fixes:
Apache CXF checked to ensure XML elements were signed or encrypted by a Supporting Token, but not whether the correct token was used. A remote attacker could transmit confidential information without the appropriate security, and potentially circumvent access controls on web services exposed via Apache CXF. (CVE-2012-2379)
When using role-based authorization to configure EJB access, JACC permissions should be used to determine access; however, due to a flaw the configured authorization modules (JACC, XACML, etc.) were not called, and the JACC permissions were not used to determine access to an EJB. (CVE-2012-4550)
A flaw in the way Apache CXF enforced child policies of WS-SecurityPolicy 1.1 on the client side could, in certain cases, lead to a client failing to sign or encrypt certain elements as directed by the security policy, leading to information disclosure and insecure information transmission. (CVE-2012-2378)
A flaw was found in the way IronJacamar authenticated credentials and returned a valid datasource connection when configured to "allow-multiple-users". A remote attacker, provided the correct subject, could obtain a datasource connection that might belong to a privileged user. (CVE-2012-3428)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks under certain conditions. Note that WS-Policy validation is performed against the operation being invoked, and an attack must pass validation to be successful. (CVE-2012-3451)
When there are no allowed roles for an EJB method invocation, the invocation should be denied for all users. It was found that the processInvocation() method in org.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorizes all method invocations to proceed when the list of allowed roles is empty. (CVE-2012-4549)
It was found that in Mojarra, the FacesContext that is made available during application startup is held in a ThreadLocal. The reference is not properly cleaned up in all cases. As a result, if a JavaServer Faces (JSF) WAR calls FacesContext.getCurrentInstance() during application startup, another WAR can get access to the leftover context and thus get access to the other WAR's resources. A local attacker could use this flaw to access another WAR's resources using a crafted, deployed application. (CVE-2008-0455, CVE-2012-2687)
Red Hat would like to thank the Apache CXF project for reporting CVE-2012-2379, CVE-2012-2378, and CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation and deployed applications. Refer to the Solution section for further details. The JBoss server process must be restarted for the update to take effect. Also, back up any customized JBoss Enterprise Application Platform 6 configuration files. On update, the configuration files that have been locally modified will not be updated. The updated version of such files will be stored as the rpmnew files. Make sure to locate any such files after the update and merge any changes manually. Bugs fixed (http://bugzilla.redhat.com/):
826533 - CVE-2012-2378 jbossws-cxf, apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side 826534 - CVE-2012-2379 jbossws-cxf, apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token 829560 - CVE-2012-2672 Mojarra: deployed web applications can read FacesContext from other applications under certain conditions 843358 - CVE-2012-3428 JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains 850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled 851896 - CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services 870868 - CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty 870871 - CVE-2012-4550 JBoss JACC: Security constraints configured for EJBs are incorrectly interpreted and not applied
- (CVE-2012-4549)
The apachectl script set an insecure library search path. Running apachectl in an attacker-controlled directory containing a malicious library file could cause arbitrary code execution with the privileges of the user running the apachectl script (typically the root user).
The References section of this erratum contains a download link (you must log in to download the update). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Low: httpd security, bug fix, and enhancement update Advisory ID: RHSA-2013:0130-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0130.html Issue date: 2013-01-08 CVE Names: CVE-2008-0455 CVE-2008-0456 CVE-2012-2687 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation.
Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users visiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)
Bug fixes:
-
Previously, no check was made to see if the /etc/pki/tls/private/localhost.key file was a valid key prior to running the "%post" script for the "mod_ssl" package. Consequently, when /etc/pki/tls/certs/localhost.crt did not exist and "localhost.key" was present but invalid, upgrading the Apache HTTP Server daemon (httpd) with mod_ssl failed. The "%post" script has been fixed to test for an existing SSL key. As a result, upgrading httpd with mod_ssl now proceeds as expected. (BZ#752618)
-
The "mod_ssl" module did not support operation under FIPS mode. Consequently, when operating Red Hat Enterprise Linux 5 with FIPS mode enabled, httpd failed to start. An upstream patch has been applied to disable non-FIPS functionality if operating under FIPS mode and httpd now starts as expected. (BZ#773473)
-
Prior to this update, httpd exit status codes were not Linux Standard Base (LSB) compliant. When the command "service httpd reload" was run and httpd failed, the exit status code returned was "0" and not in the range 1 to 6 as expected. A patch has been applied to the init script and httpd now returns "1" as an exit status code. (BZ#783242)
-
Chunked Transfer Coding is described in RFC 2616. Previously, the Apache server did not correctly handle a chunked encoded POST request with a "chunk-size" or "chunk-extension" value of 32 bytes or more. Consequently, when such a POST request was made the server did not respond. An upstream patch has been applied and the problem no longer occurs. (BZ#840845)
-
Due to a regression, when mod_cache received a non-cacheable 304 response, the headers were served incorrectly. Consequently, compressed data could be returned to the client without the cached headers to indicate the data was compressed. An upstream patch has been applied to merge response and cached headers before data from the cache is served to the client. As a result, cached data is now correctly interpreted by the client. (BZ#845532)
-
In a proxy configuration, certain response-line strings were not handled correctly. If a response-line without a "description" string was received from the origin server, for a non-standard status code, such as the "450" status code, a "500 Internal Server Error" would be returned to the client. This bug has been fixed so that the original response line is returned to the client. (BZ#853128)
Enhancements:
-
The configuration directive "LDAPReferrals" is now supported in addition to the previously introduced "LDAPChaseReferrals". (BZ#727342)
-
The AJP support module for "mod_proxy", "mod_proxy_ajp", now supports the "ProxyErrorOverride" directive. Consequently, it is now possible to configure customized error pages for web applications running on a backend server accessed via AJP. (BZ#767890)
-
The "%posttrans" scriptlet which automatically restarts the httpd service after a package upgrade can now be disabled. If the file /etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not restart the daemon. (BZ#833042)
-
The output of "httpd -S" now includes configured alias names for each virtual host. (BZ#833043)
-
New certificate variable names are now exposed by "mod_ssl" using the "_DN_userID" suffix, such as "SSL_CLIENT_S_DN_userID", which use the commonly used object identifier (OID) definition of "userID", OID 0.9.2342.19200300.100.1.1. (BZ#840036)
All users of httpd are advised to upgrade to these updated packages, which fix these issues and add these enhancements.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
727342 - LDAPChaseReferrals should be LDAPReferrals 752618 - mod_ssl post install script can cause failures 767890 - The mod_proxy_ajp lacks the ErrorOverride 773473 - [RHEL 5.7] Apache HTTP Server cannot start with mod_ssl when FIPS 140-2 mode enabled 783242 - service httpd reload return 0 when it fails 840845 - httpd fails in processing chunked requests with > 31 bytes chunk-size / -extension line 845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data 850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled 879292 - CVE-2008-0456 httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386: httpd-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.i386.rpm mod_ssl-2.2.3-74.el5.i386.rpm
x86_64: httpd-2.2.3-74.el5.x86_64.rpm httpd-debuginfo-2.2.3-74.el5.x86_64.rpm mod_ssl-2.2.3-74.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386: httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-manual-2.2.3-74.el5.i386.rpm
x86_64: httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.x86_64.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.x86_64.rpm httpd-manual-2.2.3-74.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm
i386: httpd-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-manual-2.2.3-74.el5.i386.rpm mod_ssl-2.2.3-74.el5.i386.rpm
ia64: httpd-2.2.3-74.el5.ia64.rpm httpd-debuginfo-2.2.3-74.el5.ia64.rpm httpd-devel-2.2.3-74.el5.ia64.rpm httpd-manual-2.2.3-74.el5.ia64.rpm mod_ssl-2.2.3-74.el5.ia64.rpm
ppc: httpd-2.2.3-74.el5.ppc.rpm httpd-debuginfo-2.2.3-74.el5.ppc.rpm httpd-debuginfo-2.2.3-74.el5.ppc64.rpm httpd-devel-2.2.3-74.el5.ppc.rpm httpd-devel-2.2.3-74.el5.ppc64.rpm httpd-manual-2.2.3-74.el5.ppc.rpm mod_ssl-2.2.3-74.el5.ppc.rpm
s390x: httpd-2.2.3-74.el5.s390x.rpm httpd-debuginfo-2.2.3-74.el5.s390.rpm httpd-debuginfo-2.2.3-74.el5.s390x.rpm httpd-devel-2.2.3-74.el5.s390.rpm httpd-devel-2.2.3-74.el5.s390x.rpm httpd-manual-2.2.3-74.el5.s390x.rpm mod_ssl-2.2.3-74.el5.s390x.rpm
x86_64: httpd-2.2.3-74.el5.x86_64.rpm httpd-debuginfo-2.2.3-74.el5.i386.rpm httpd-debuginfo-2.2.3-74.el5.x86_64.rpm httpd-devel-2.2.3-74.el5.i386.rpm httpd-devel-2.2.3-74.el5.x86_64.rpm httpd-manual-2.2.3-74.el5.x86_64.rpm mod_ssl-2.2.3-74.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2008-0455.html https://www.redhat.com/security/data/cve/CVE-2008-0456.html https://www.redhat.com/security/data/cve/CVE-2012-2687.html https://access.redhat.com/security/updates/classification/#low
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQ68TMXlSAg2UNWIIRApH8AJ9lf6CJcLnIK7D9siL6M2/OxR1argCeO7mh /xD6DzmFPZw8MhY2CC19xag= =mexo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-1627-1 November 08, 2012
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP server. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Although this issue had been mitigated on the client with newer web browsers, this update also disables SSL data compression on the server. A new SSLCompression directive for Apache has been backported that may be used to re-enable SSL data compression in certain environments. For more information, please refer to: http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression (CVE-2012-4929)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: apache2.2-common 2.2.22-6ubuntu2.1
Ubuntu 12.04 LTS: apache2.2-common 2.2.22-1ubuntu1.2
Ubuntu 11.10: apache2.2-common 2.2.20-1ubuntu1.3
Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.10
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.24
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/c",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/c",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/b",
"scope": null,
"trust": 2.1,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "02-03"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/a",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/f",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/f",
"scope": null,
"trust": 1.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.20"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.18"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/e",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/g",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "web server 02-04-/a",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/d",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/g",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/a",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/c",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/i",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/d",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "05-05"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/h",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/g",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/f",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/b",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/e",
"scope": null,
"trust": 1.2,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.22"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.19"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.21"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.17"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.23"
},
{
"_id": null,
"model": "web server 01-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "web server 01-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/m",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "05-00"
},
{
"_id": null,
"model": "web server 01-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/j",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server express )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/i",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/b )",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/o",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/n",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "web server 02-04-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/k",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-08"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/g",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server express )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/h",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/l",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-04"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "01-02"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/n",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "ucosminexus application server standard version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-02-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.10"
},
{
"_id": null,
"model": "ucosminexus application server express (solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-20(x6)"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.32"
},
{
"_id": null,
"model": "ucosminexus application server enterprise version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a linux )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.1"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "cosminexus application server version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "505-05"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"_id": null,
"model": "ucosminexus application server standard (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-70"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.15"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "ucosminexus application server light )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72(*1)"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/b",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "http server roll up",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.22"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/r",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-02"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "cosminexus application server 05-02-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-50"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-02-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server version 05-00-/q",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.0"
},
{
"_id": null,
"model": "cosminexus application server version 05-05-/l",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "cosminexus application server version 05-05-/k",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "freeflow print server 73.c0.41",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.6.0"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/a",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "11.1.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-05"
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.4"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "505-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "11.0.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "ucosminexus client 06-70-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-02"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-03"
},
{
"_id": null,
"model": "ucosminexus application server express )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.5"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.3"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.6"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "freeflow print server 73.b3.61",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server light )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "ucosminexus client 06-71-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "web server 02-04-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-20"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-71"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-05"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/d (windows",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "11.0.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "ucosminexus application server enterpris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.33"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-09"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-20"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.3"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/b )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus client 06-70-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-72-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition l11",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-04"
},
{
"_id": null,
"model": "freeflow print server 73.c5.11",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-01"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.17"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.22"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-71-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "cosminexus client 06-02-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-71-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.4"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.2"
},
{
"_id": null,
"model": "ucosminexus application server light (windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-70"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-51"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-00"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-05"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.2"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "cosminexus client 06-51-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-04"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "ucosminexus application server 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/q",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "aura experience portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition l10",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "web server 01-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-70"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.1"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.3"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "cosminexus client 06-50-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server express (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-060"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0.0"
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterpris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "cosminexus application server 05-01-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "05-02"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/o",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/h",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise 06-70-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.18"
},
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "11.1.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.31"
},
{
"_id": null,
"model": "jboss enterprise application platform",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-08"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "aura experience portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus service platform aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(64)"
},
{
"_id": null,
"model": "cosminexus application server 05-05-/n",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/g )",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus client 06-71-/f",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server 02-04-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-01-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus client 06-71-/g",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-05-/p",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "ucosminexus application server standard-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus service platform windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/k",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform linux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00(x64)"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "10"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-72(*1)"
},
{
"_id": null,
"model": "interstage business application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.12"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard 06-72-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus application server enterprise (solaris(sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "cosminexus application server 05-00-/l",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server version 05-00-/r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "ucosminexus application server standard 06-70-/m",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server 05-00-/s",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hp-ux web server suite",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.14"
},
{
"_id": null,
"model": "cosminexus client 06-00-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
}
],
"sources": [
{
"db": "BID",
"id": "55131"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
},
{
"db": "NVD",
"id": "CVE-2012-2687"
}
]
},
"credits": {
"_id": null,
"data": "Rainer Jung and Niels Heinen",
"sources": [
{
"db": "BID",
"id": "55131"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
}
],
"trust": 0.9
},
"cve": "CVE-2012-2687",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2012-2687",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.1,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-2687",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-378",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2012-2687",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-2687"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
},
{
"db": "NVD",
"id": "CVE-2012-2687"
}
]
},
"description": {
"_id": null,
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Apache HTTP Server is prone to an HTML-injection vulnerability and an information disclosure vulnerability. \nAttackers may leverage these issues to obtain potentially sensitive session information, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible. \n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache\n (ASF HTTPD):\n \n Insecure handling of LD_LIBRARY_PATH was found that could lead to\n the current working directory to be searched for DSOs. \n \n Possible XSS for sites which use mod_negotiation and allow untrusted\n uploads to locations which have MultiViews enabled (CVE-2012-2687). \n\n Update:\n\n Packages for Mandriva Linux 2011 is also being provided. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFQaa9/mqjQ0CJFipgRAhruAJ9EC4FWiuzvbIXRyxeJEa6ifXWfngCfdzew\n7eKtlYj6mMOMjJJ0oekKwnQ=\n=t10D\n-----END PGP SIGNATURE-----\n\n\n. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Multiple Products Apache HTTP Server Cross-Site Scripting\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51458\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51458/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51458\n\nRELEASE DATE:\n2012-11-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51458/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51458/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51458\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged some vulnerabilities in multiple Hitachi\nproducts, which can be exploited by malicious people to conduct\ncross-site scripting attacks. \n\nFor more information see vulnerability #2 in:\nSA50363\n\nSee the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nAs a workaround the vendor recommends to disable the mod_negotiation\nmodule or remove \"MultiViews\" from the \"Options\" lines in the\nDirectory specifications. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS12-028/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03734195\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03734195\nVersion: 1\n\nHPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service\n(DoS), Execution of Arbitrary Code and other vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-04-15\nLast Updated: 2013-04-12\n\nPotential Security Impact: Remote Denial of Service (DoS), execution of\narbitrary code and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Running\nApache. These vulnerabilities could be exploited remotely to create a Denial\nof Service (DoS) or to execute arbitrary code and other vulnerabilities. \n\nReferences: HP-UX Apache: CVE-2007-6750, CVE-2012-2687, CVE-2012-3499,\nCVE-2012-4557, CVE-2012 -4558, CVE-2012-4929\nTomcat v6.0 and v7.0: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431,\nCVE-2012-4534, CVE-2012-5885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.25 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-2687 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2012-2733 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-3499 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-3546 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-4431 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-4534 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-4557 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-4558 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-4929 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. \nThe update for B.11.23 and B.11.31 is available for download from\nftp://sb_02866:6hq{PM6a@ftp.usa.hp.com\n\nWeb Server Suite Version\n Apache Depot Name\n\nHP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat\nB.5.5.36.01\n HP-UX_11.23_HPUXWS22ATW-B326-11-23-64.depot\n\nHP-UX_11.23_HPUXWS22ATW-B326-11-23-32.depot\n\nHP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat\nC.6.0.36.01\n HP-UX_11.31_HPUXWS22ATW-B326-11-31-64.depot\n\nHP-UX_11.31_HPUXWS22ATW-B326-11-31-32.depot\n\nTomcat D.7.035.01\n HP-UX_11.31_hpuxws22Tomcat_D.7.0.35.01_HP-UX_B.11.31_IA_PA.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.26 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.15.15 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.36.01 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision D.7.0.35.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 April 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. Relevant releases/architectures:\n\nJBoss Enterprise Application Platform 6 for RHEL 5 Server - i386, noarch, x86_64\n\n3. Description:\n\nJBoss Enterprise Application Platform 6 is a platform for Java applications\nbased on JBoss Application Server 7. \n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.0.0, and includes bug fixes and enhancements. Refer to the 6.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/knowledge/docs/\n\nThis update removes unused signed JARs; unused SHA1 checksums from JAR\nMANIFEST.MF files to reduce the Server memory footprint; adds MANIFEST.MF\nto JAR files where it was previously missing; and removes redundant Javadoc\nfiles from the main packages. (BZ#853551)\n\nSecurity fixes:\n\nApache CXF checked to ensure XML elements were signed or encrypted by a\nSupporting Token, but not whether the correct token was used. A remote\nattacker could transmit confidential information without the appropriate\nsecurity, and potentially circumvent access controls on web services\nexposed via Apache CXF. (CVE-2012-2379)\n\nWhen using role-based authorization to configure EJB access, JACC\npermissions should be used to determine access; however, due to a flaw the\nconfigured authorization modules (JACC, XACML, etc.) were not called, and\nthe JACC permissions were not used to determine access to an EJB. \n(CVE-2012-4550)\n\nA flaw in the way Apache CXF enforced child policies of WS-SecurityPolicy\n1.1 on the client side could, in certain cases, lead to a client failing to\nsign or encrypt certain elements as directed by the security policy,\nleading to information disclosure and insecure information transmission. \n(CVE-2012-2378)\n\nA flaw was found in the way IronJacamar authenticated credentials and\nreturned a valid datasource connection when configured to\n\"allow-multiple-users\". A remote attacker, provided the correct subject,\ncould obtain a datasource connection that might belong to a privileged\nuser. (CVE-2012-3428)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. Note that WS-Policy validation is performed\nagainst the operation being invoked, and an attack must pass validation to\nbe successful. (CVE-2012-3451)\n\nWhen there are no allowed roles for an EJB method invocation, the\ninvocation should be denied for all users. It was found that the\nprocessInvocation() method in\norg.jboss.as.ejb3.security.AuthorizationInterceptor incorrectly authorizes\nall method invocations to proceed when the list of allowed roles is empty. \n(CVE-2012-4549)\n\nIt was found that in Mojarra, the FacesContext that is made available\nduring application startup is held in a ThreadLocal. The reference is not\nproperly cleaned up in all cases. As a result, if a JavaServer Faces (JSF)\nWAR calls FacesContext.getCurrentInstance() during application startup,\nanother WAR can get access to the leftover context and thus get access to\nthe other WAR\u0027s resources. A local attacker could use this flaw to access\nanother WAR\u0027s resources using a crafted, deployed application. (CVE-2008-0455, CVE-2012-2687)\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-2379, CVE-2012-2378, and CVE-2012-3451. \n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications. \nRefer to the Solution section for further details. The\nJBoss server process must be restarted for the update to take effect. Also, back up any customized\nJBoss Enterprise Application Platform 6 configuration files. On update, the\nconfiguration files that have been locally modified will not be updated. \nThe updated version of such files will be stored as the rpmnew files. Make\nsure to locate any such files after the update and merge any changes\nmanually. Bugs fixed (http://bugzilla.redhat.com/):\n\n826533 - CVE-2012-2378 jbossws-cxf, apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side\n826534 - CVE-2012-2379 jbossws-cxf, apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token\n829560 - CVE-2012-2672 Mojarra: deployed web applications can read FacesContext from other applications under certain conditions\n843358 - CVE-2012-3428 JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains\n850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled\n851896 - CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services\n870868 - CVE-2012-4549 JBoss AS: EJB authorization succeeds for any role when allowed roles list is empty\n870871 - CVE-2012-4550 JBoss JACC: Security constraints configured for EJBs are incorrectly interpreted and not applied\n\n6. \n(CVE-2012-4549)\n\nThe apachectl script set an insecure library search path. Running apachectl\nin an attacker-controlled directory containing a malicious library file\ncould cause arbitrary code execution with the privileges of the user\nrunning the apachectl script (typically the root user). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: httpd security, bug fix, and enhancement update\nAdvisory ID: RHSA-2013:0130-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-0130.html\nIssue date: 2013-01-08\nCVE Names: CVE-2008-0455 CVE-2008-0456 CVE-2012-2687 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues, various bugs,\nand add enhancements are now available for Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nThe httpd packages contain the Apache HTTP Server (httpd), which is the\nnamesake project of The Apache Software Foundation. \n\nInput sanitization flaws were found in the mod_negotiation module. A remote\nattacker able to upload or create files with arbitrary names in a directory\nthat has the MultiViews options enabled, could use these flaws to conduct\ncross-site scripting and HTTP response splitting attacks against users\nvisiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)\n\nBug fixes:\n\n* Previously, no check was made to see if the\n/etc/pki/tls/private/localhost.key file was a valid key prior to running\nthe \"%post\" script for the \"mod_ssl\" package. Consequently, when\n/etc/pki/tls/certs/localhost.crt did not exist and \"localhost.key\" was\npresent but invalid, upgrading the Apache HTTP Server daemon (httpd) with\nmod_ssl failed. The \"%post\" script has been fixed to test for an existing\nSSL key. As a result, upgrading httpd with mod_ssl now proceeds as\nexpected. (BZ#752618)\n\n* The \"mod_ssl\" module did not support operation under FIPS mode. \nConsequently, when operating Red Hat Enterprise Linux 5 with FIPS mode\nenabled, httpd failed to start. An upstream patch has been applied to\ndisable non-FIPS functionality if operating under FIPS mode and httpd now\nstarts as expected. (BZ#773473)\n\n* Prior to this update, httpd exit status codes were not Linux Standard\nBase (LSB) compliant. When the command \"service httpd reload\" was run and\nhttpd failed, the exit status code returned was \"0\" and not in the range 1\nto 6 as expected. A patch has been applied to the init script and httpd now\nreturns \"1\" as an exit status code. (BZ#783242)\n\n* Chunked Transfer Coding is described in RFC 2616. Previously, the\nApache server did not correctly handle a chunked encoded POST request with\na \"chunk-size\" or \"chunk-extension\" value of 32 bytes or more. \nConsequently, when such a POST request was made the server did not respond. \nAn upstream patch has been applied and the problem no longer occurs. \n(BZ#840845)\n\n* Due to a regression, when mod_cache received a non-cacheable 304\nresponse, the headers were served incorrectly. Consequently, compressed\ndata could be returned to the client without the cached headers to indicate\nthe data was compressed. An upstream patch has been applied to merge\nresponse and cached headers before data from the cache is served to the\nclient. As a result, cached data is now correctly interpreted by the\nclient. (BZ#845532)\n\n* In a proxy configuration, certain response-line strings were not handled\ncorrectly. If a response-line without a \"description\" string was received\nfrom the origin server, for a non-standard status code, such as the \"450\"\nstatus code, a \"500 Internal Server Error\" would be returned to the client. \nThis bug has been fixed so that the original response line is returned to\nthe client. (BZ#853128)\n\nEnhancements:\n\n* The configuration directive \"LDAPReferrals\" is now supported in addition\nto the previously introduced \"LDAPChaseReferrals\". (BZ#727342)\n\n* The AJP support module for \"mod_proxy\", \"mod_proxy_ajp\", now supports the\n\"ProxyErrorOverride\" directive. Consequently, it is now possible to\nconfigure customized error pages for web applications running on a backend\nserver accessed via AJP. (BZ#767890)\n\n* The \"%posttrans\" scriptlet which automatically restarts the httpd service\nafter a package upgrade can now be disabled. If the file\n/etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not\nrestart the daemon. (BZ#833042)\n\n* The output of \"httpd -S\" now includes configured alias names for each\nvirtual host. (BZ#833043)\n\n* New certificate variable names are now exposed by \"mod_ssl\" using the\n\"_DN_userID\" suffix, such as \"SSL_CLIENT_S_DN_userID\", which use the\ncommonly used object identifier (OID) definition of \"userID\", OID\n0.9.2342.19200300.100.1.1. (BZ#840036)\n\nAll users of httpd are advised to upgrade to these updated packages, which\nfix these issues and add these enhancements. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n727342 - LDAPChaseReferrals should be LDAPReferrals\n752618 - mod_ssl post install script can cause failures\n767890 - The mod_proxy_ajp lacks the ErrorOverride\n773473 - [RHEL 5.7] Apache HTTP Server cannot start with mod_ssl when FIPS 140-2 mode enabled\n783242 - service httpd reload return 0 when it fails\n840845 - httpd fails in processing chunked requests with \u003e 31 bytes chunk-size / -extension line\n845532 - mod_cache regression in httpd 2.2.3-65: non-cacheable 304 responses serve bad data\n850794 - CVE-2012-2687 CVE-2008-0455 httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled\n879292 - CVE-2008-0456 httpd: mod_negotiation CRLF injection via untrusted file names in directories with MultiViews enabled\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm\n\ni386:\nhttpd-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nmod_ssl-2.2.3-74.el5.i386.rpm\n\nx86_64:\nhttpd-2.2.3-74.el5.x86_64.rpm\nhttpd-debuginfo-2.2.3-74.el5.x86_64.rpm\nmod_ssl-2.2.3-74.el5.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-manual-2.2.3-74.el5.i386.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.x86_64.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.x86_64.rpm\nhttpd-manual-2.2.3-74.el5.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-74.el5.src.rpm\n\ni386:\nhttpd-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-manual-2.2.3-74.el5.i386.rpm\nmod_ssl-2.2.3-74.el5.i386.rpm\n\nia64:\nhttpd-2.2.3-74.el5.ia64.rpm\nhttpd-debuginfo-2.2.3-74.el5.ia64.rpm\nhttpd-devel-2.2.3-74.el5.ia64.rpm\nhttpd-manual-2.2.3-74.el5.ia64.rpm\nmod_ssl-2.2.3-74.el5.ia64.rpm\n\nppc:\nhttpd-2.2.3-74.el5.ppc.rpm\nhttpd-debuginfo-2.2.3-74.el5.ppc.rpm\nhttpd-debuginfo-2.2.3-74.el5.ppc64.rpm\nhttpd-devel-2.2.3-74.el5.ppc.rpm\nhttpd-devel-2.2.3-74.el5.ppc64.rpm\nhttpd-manual-2.2.3-74.el5.ppc.rpm\nmod_ssl-2.2.3-74.el5.ppc.rpm\n\ns390x:\nhttpd-2.2.3-74.el5.s390x.rpm\nhttpd-debuginfo-2.2.3-74.el5.s390.rpm\nhttpd-debuginfo-2.2.3-74.el5.s390x.rpm\nhttpd-devel-2.2.3-74.el5.s390.rpm\nhttpd-devel-2.2.3-74.el5.s390x.rpm\nhttpd-manual-2.2.3-74.el5.s390x.rpm\nmod_ssl-2.2.3-74.el5.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-74.el5.x86_64.rpm\nhttpd-debuginfo-2.2.3-74.el5.i386.rpm\nhttpd-debuginfo-2.2.3-74.el5.x86_64.rpm\nhttpd-devel-2.2.3-74.el5.i386.rpm\nhttpd-devel-2.2.3-74.el5.x86_64.rpm\nhttpd-manual-2.2.3-74.el5.x86_64.rpm\nmod_ssl-2.2.3-74.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2008-0455.html\nhttps://www.redhat.com/security/data/cve/CVE-2008-0456.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-2687.html\nhttps://access.redhat.com/security/updates/classification/#low\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFQ68TMXlSAg2UNWIIRApH8AJ9lf6CJcLnIK7D9siL6M2/OxR1argCeO7mh\n/xD6DzmFPZw8MhY2CC19xag=\n=mexo\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ============================================================================\nUbuntu Security Notice USN-1627-1\nNovember 08, 2012\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP server. With cross-site\nscripting vulnerabilities, if a user were tricked into viewing server\noutput during a crafted server request, a remote attacker could exploit\nthis to modify the contents, or steal confidential data (such as\npasswords), within the same domain. Although this issue had been mitigated on the\nclient with newer web browsers, this update also disables SSL data\ncompression on the server. A new SSLCompression directive for Apache has\nbeen backported that may be used to re-enable SSL data compression in\ncertain environments. For more information, please refer to:\nhttp://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression\n(CVE-2012-4929)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.10:\n apache2.2-common 2.2.22-6ubuntu2.1\n\nUbuntu 12.04 LTS:\n apache2.2-common 2.2.22-1ubuntu1.2\n\nUbuntu 11.10:\n apache2.2-common 2.2.20-1ubuntu1.3\n\nUbuntu 10.04 LTS:\n apache2.2-common 2.2.14-5ubuntu8.10\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.24\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2687"
},
{
"db": "BID",
"id": "55131"
},
{
"db": "VULMON",
"id": "CVE-2012-2687"
},
{
"db": "PACKETSTORM",
"id": "117037"
},
{
"db": "PACKETSTORM",
"id": "118513"
},
{
"db": "PACKETSTORM",
"id": "121319"
},
{
"db": "PACKETSTORM",
"id": "118916"
},
{
"db": "PACKETSTORM",
"id": "122279"
},
{
"db": "PACKETSTORM",
"id": "118917"
},
{
"db": "PACKETSTORM",
"id": "119316"
},
{
"db": "PACKETSTORM",
"id": "117972"
}
],
"trust": 1.98
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2012-2687",
"trust": 2.7
},
{
"db": "BID",
"id": "55131",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "50894",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "51607",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378",
"trust": 0.6
},
{
"db": "HITACHI",
"id": "HS12-028",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "51458",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2012-2687",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117037",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "118513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "118916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "118917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119316",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "117972",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-2687"
},
{
"db": "BID",
"id": "55131"
},
{
"db": "PACKETSTORM",
"id": "117037"
},
{
"db": "PACKETSTORM",
"id": "118513"
},
{
"db": "PACKETSTORM",
"id": "121319"
},
{
"db": "PACKETSTORM",
"id": "118916"
},
{
"db": "PACKETSTORM",
"id": "122279"
},
{
"db": "PACKETSTORM",
"id": "118917"
},
{
"db": "PACKETSTORM",
"id": "119316"
},
{
"db": "PACKETSTORM",
"id": "117972"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
},
{
"db": "NVD",
"id": "CVE-2012-2687"
}
]
},
"id": "VAR-201208-0141",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1915078275
},
"last_update_date": "2026-03-09T23:02:24.921000Z",
"patch": {
"_id": null,
"data": [
{
"title": "httpd-2.4.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44210"
},
{
"title": "httpd-2.4.3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44209"
},
{
"title": "Red Hat: Low: httpd security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20130130 - Security Advisory"
},
{
"title": "Red Hat: Low: httpd security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20130512 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1627-1"
},
{
"title": "Red Hat: Important: JBoss Enterprise Application Platform 6.0.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121591 - Security Advisory"
},
{
"title": "Red Hat: Important: JBoss Enterprise Application Platform 6.0.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121592 - Security Advisory"
},
{
"title": "Red Hat: Important: JBoss Enterprise Application Platform 6.0.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20121594 - Security Advisory"
},
{
"title": "Pentest-Cheetsheet",
"trust": 0.1,
"url": "https://github.com/MrFrozenPepe/Pentest-Cheetsheet "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "DC-1-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-2687"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-2687"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-1591.html"
},
{
"trust": 2.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-1594.html"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2012-1592.html"
},
{
"trust": 2.0,
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_xrx13-003_v1.0.pdf"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"trust": 2.0,
"url": "http://support.apple.com/kb/ht5880"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-1627-1"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0130.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/51607"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/55131"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/50894"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19539"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18832"
},
{
"trust": 1.4,
"url": "http://www.apache.org/dist/httpd/changes_2.4.3"
},
{
"trust": 1.1,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3c0bffea9b-801b-4baa-9534-56f640268e30%40apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.7,
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3c0bffea9b-801b-4baa-9534-56f640268e30@apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2687"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/changes_2.4.3"
},
{
"trust": 0.6,
"url": "http://www.apache.org/dist/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs."
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/announcement2.2.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/announcement2.4.html"
},
{
"trust": 0.3,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03734195-1"
},
{
"trust": 0.3,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http2"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100170251"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-028/index.html"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.jlu35g..t.ciuo.7ywm.bw89mq%5f%5fcefsfqc0"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/1683f-4d960e4b16bb2/cert_xrx13-004_v1.01.pdf"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2008-0455.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0455"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2012-2687.html"
},
{
"trust": 0.3,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4557"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3451"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4550"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4549.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3451.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4550.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-2379.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/knowledge/docs/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3428.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-2672.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2378"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3428"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4549"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-2378.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2379"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2013:0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1627-1/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=26712"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2687"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0883"
},
{
"trust": 0.1,
"url": "http://www.apache.org/dist/httpd/changes_2.2.23"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51458"
},
{
"trust": 0.1,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs12-028/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51458/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51458/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4558"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=distributions"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0883.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0456"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2008-0456.html"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.24"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-6ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcompression"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-2687"
},
{
"db": "BID",
"id": "55131"
},
{
"db": "PACKETSTORM",
"id": "117037"
},
{
"db": "PACKETSTORM",
"id": "118513"
},
{
"db": "PACKETSTORM",
"id": "121319"
},
{
"db": "PACKETSTORM",
"id": "118916"
},
{
"db": "PACKETSTORM",
"id": "122279"
},
{
"db": "PACKETSTORM",
"id": "118917"
},
{
"db": "PACKETSTORM",
"id": "119316"
},
{
"db": "PACKETSTORM",
"id": "117972"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
},
{
"db": "NVD",
"id": "CVE-2012-2687"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2012-2687",
"ident": null
},
{
"db": "BID",
"id": "55131",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "117037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "118513",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121319",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "118916",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122279",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "118917",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "119316",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "117972",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2012-2687",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2012-08-22T00:00:00",
"db": "VULMON",
"id": "CVE-2012-2687",
"ident": null
},
{
"date": "2012-08-21T00:00:00",
"db": "BID",
"id": "55131",
"ident": null
},
{
"date": "2012-10-02T03:46:41",
"db": "PACKETSTORM",
"id": "117037",
"ident": null
},
{
"date": "2012-12-02T04:43:56",
"db": "PACKETSTORM",
"id": "118513",
"ident": null
},
{
"date": "2013-04-16T23:44:17",
"db": "PACKETSTORM",
"id": "121319",
"ident": null
},
{
"date": "2012-12-19T05:36:04",
"db": "PACKETSTORM",
"id": "118916",
"ident": null
},
{
"date": "2013-07-03T19:19:31",
"db": "PACKETSTORM",
"id": "122279",
"ident": null
},
{
"date": "2012-12-19T05:36:14",
"db": "PACKETSTORM",
"id": "118917",
"ident": null
},
{
"date": "2013-01-08T16:07:56",
"db": "PACKETSTORM",
"id": "119316",
"ident": null
},
{
"date": "2012-11-08T23:21:36",
"db": "PACKETSTORM",
"id": "117972",
"ident": null
},
{
"date": "2012-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-378",
"ident": null
},
{
"date": "2012-08-22T19:55:01.633000",
"db": "NVD",
"id": "CVE-2012-2687",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-06T00:00:00",
"db": "VULMON",
"id": "CVE-2012-2687",
"ident": null
},
{
"date": "2015-04-13T21:14:00",
"db": "BID",
"id": "55131",
"ident": null
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-378",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-2687",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "119316"
},
{
"db": "PACKETSTORM",
"id": "117972"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Apache HTTP Server Multiple cross-site scripting vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "118513"
},
{
"db": "PACKETSTORM",
"id": "122279"
},
{
"db": "PACKETSTORM",
"id": "117972"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-378"
}
],
"trust": 0.9
}
}
VAR-202301-1527
Vulnerability from variot - Updated: 2026-03-09 22:49A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier. The server is fast, reliable and scalable via a simple API. ========================================================================== Ubuntu Security Notice USN-5839-1 February 01, 2023
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-36760)
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server mod_proxy module incorrectly truncated certain response headers. This may result in later headers not being interpreted by the client. (CVE-2022-37436)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: apache2 2.4.54-2ubuntu1.1
Ubuntu 22.04 LTS: apache2 2.4.52-1ubuntu4.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.13
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.26
In general, a standard system update will make all the necessary changes. (BZ#2165975)
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: httpd:2.4 security and bug fix update Advisory ID: RHSA-2023:0852-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:0852 Issue date: 2023-02-21 CVE Names: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436 ==================================================================== 1. Summary:
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Security Fix(es):
-
httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
-
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
-
httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. (BZ#2165967)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte 2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling 2165967 - httpd-init fails to create localhost.crt, localhost.key due to "sscg" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. [rhel-8.7.0.z]
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm
aarch64: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm
noarch: httpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm httpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm
ppc64le: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm
s390x: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm
x86_64: httpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm httpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm mod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm mod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm mod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2006-20001 https://access.redhat.com/security/cve/CVE-2022-36760 https://access.redhat.com/security/cve/CVE-2022-37436 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY/S5HdzjgjWX9erEAQh4bRAAkF3EgQgukNt/nGFBeSNly7ekQ6MZzwx6 /g701Jznu0z/XZM4+lhWIB6Au8sDwHyzp9tL3Mmwb1vSDkJfYMEBNpx22Ku4yr78 AqvAtMbtr3ZRtzlCow12ARhcsoV3mxCNvEs8Gw9ZK7VlJy0bq771jpau14tgZHvU cy3IOQgBUbACHoaJ+C4fpSFtd4ewKuYV9VDQrW08ZhYejF32U/0jFeWKPPAv2VFU gr9EazXKwQp4QF2d/dMOpmuERQNqRWRYKT7SdWykvCIpOjB1NeJ/iTKBK4hZnm3A malqCf3hnWl/6v+ZFRlb62G1UPzVH3xGfNrkBgN96ktGhJ/i7GYKn04zWioP/0mv pp5TsME6BT4J7ykw1SCZRDecFBHXyFKA8E08nXG+/aS9CDiHyUfP2mWyo7wx228Y xUvZYJQA165zaxSC7PG0W52CGeVYhUnBaa1xZKbG00YE+U+eN7KsHnbv+J7VjSnT F2Qm/z4OW1dFZU462VK2XVydYFPBoMormkeHFfOo3N92DdKduOU9rXcL9n++Y8dn 3tpuinfUc82EXeFm79HkVPaKz2R7/sm+dsylaC5QUkJqcbTahAYF2JgrkyfSWA9/ iY86qqDT17rd84adrQfXojb5hc4AKqVMJZuRJv5OGsj7SH/qiCGbYAtUDLf4C31G sw6Iqa1wZ18=EViL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202309-01
https://security.gentoo.org/
Severity: Low Title: Apache HTTPD: Multiple Vulnerabilities Date: September 08, 2023 Bugs: #891211, #900416 ID: 202309-01
Synopsis
Multiple vulnerabilities have been discovered in Apache HTTPD, the worst of which could result in denial of service. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.56"
References
[ 1 ] CVE-2006-20001 https://nvd.nist.gov/vuln/detail/CVE-2006-20001 [ 2 ] CVE-2022-36760 https://nvd.nist.gov/vuln/detail/CVE-2022-36760 [ 3 ] CVE-2022-37436 https://nvd.nist.gov/vuln/detail/CVE-2022-37436 [ 4 ] CVE-2023-25690 https://nvd.nist.gov/vuln/detail/CVE-2023-25690 [ 5 ] CVE-2023-27522 https://nvd.nist.gov/vuln/detail/CVE-2023-27522
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202309-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (bullseye), these problems have been fixed in version 2.4.56-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQYqdQACgkQEMKTtsN8 TjYWeQ//dwKUtLc9oKmjEmiY1QsRsSYdlzMTWA8ow63vdtGD1QU3Xb/CxPSZ22Oh 8zypNP5qtk3m11JA7npd7RNPpF3Gb1V5ebIlKP7GavGBIrGOmvH31hV3IUP4HoXO /mC36BA3twAgyF12HMtdPvj+qaNguYnxXhc02Kt7kl6sq+ybtdCnRnBfJJ2KYXKq tjRedc+HJZa0gSuq9fsFbaQF1OPk1jHEO/ixHhISKhEr1mHO+eLN3soQ9gqaEG/a /0jLUm1ThiBNeK5jkmCXuIuqwwrGHG16Cl9fIKGps1Yb+ef2aJca7onA4IfyUj1d 1S7VmCgFFQe+5eAgdcR77mWS8RyEP/lyItY+ifzGG6xR0EUnDgD7ApcqhZBIJCgU 583Dle+sjvwgb9iSSeNwynqx58Pf4648AJSx6nNlsop4ekE4To5GvKyr/eI3HNqa t9BfVtwqRu4GnnurvJFzh5n2wpRl1JbQMFMx/kxb1He5ioayRtru9guViNA3ylgn d7lbk8FEsvvzS9MM0RVivlWdzD6+FVFHaWoCcwzv+0dFD6iiG5MJMGUr0pElw+ju As6bnKCCoEHU4HK0rKHlVeB6E3Ch7yF+b6PvzZqCqcOE6RB5/I2Nu9S3L78cZWRU nKXf/WHf3Lw+DCB8QKWUBuo0WjkFjmEe/oUCWHGt/UbtXGbSM+E=Bi/w -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Bugs fixed (https://bugzilla.redhat.com/):
2152639 - CVE-2022-43551 curl: HSTS bypass via IDN 2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response 2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte 2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName 2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation 2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF 2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex 2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests 2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service 2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64 2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1527",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "lt",
"trust": 1.6,
"vendor": "apache",
"version": "2.4.55"
},
{
"model": "istorage v\u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "neoface monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "\u5f97\u9078\u8857\u30fbgcb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "spoolserver/reportfiling",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "actsecure \u30dd\u30fc\u30bf\u30eb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "171178"
},
{
"db": "PACKETSTORM",
"id": "171079"
},
{
"db": "PACKETSTORM",
"id": "172734"
},
{
"db": "PACKETSTORM",
"id": "172731"
}
],
"trust": 0.4
},
"cve": "CVE-2006-20001",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-80558",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-20001",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2006-20001",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-20001",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-20001",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-80558",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1294",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. \n\nThis issue affects Apache HTTP Server 2.4.54 and earlier. The server is fast, reliable and scalable via a simple API. ==========================================================================\nUbuntu Security Notice USN-5839-1\nFebruary 01, 2023\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. A remote attacker could\npossibly use this issue to perform an HTTP Request Smuggling attack. \n(CVE-2022-36760)\n\nDimas Fariski Setyawan Putra discovered that the Apache HTTP Server\nmod_proxy module incorrectly truncated certain response headers. This may\nresult in later headers not being interpreted by the client. \n(CVE-2022-37436)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n apache2 2.4.54-2ubuntu1.1\n\nUbuntu 22.04 LTS:\n apache2 2.4.52-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.13\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.26\n\nIn general, a standard system update will make all the necessary changes. (BZ#2165975)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: httpd:2.4 security and bug fix update\nAdvisory ID: RHSA-2023:0852-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2023:0852\nIssue date: 2023-02-21\nCVE Names: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436\n====================================================================\n1. Summary:\n\nAn update for the httpd:2.4 module is now available for Red Hat Enterprise\nLinux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* httpd-init fails to create localhost.crt, localhost.key due to \"sscg\"\ndefault now creates a /dhparams.pem and is not idempotent if the file\n/dhparams.pem already exists. (BZ#2165967)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2161773 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting\n2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte\n2161777 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling\n2165967 - httpd-init fails to create localhost.crt, localhost.key due to \"sscg\" default now creates a /dhparams.pem and is not idempotent if the file /dhparams.pem already exists. [rhel-8.7.0.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nhttpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.src.rpm\nmod_http2-1.15.7-5.module+el8.6.0+13996+01710940.src.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.src.rpm\n\naarch64:\nhttpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nhttpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nhttpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nhttpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nhttpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nhttpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_http2-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm\nmod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm\nmod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.aarch64.rpm\nmod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.aarch64.rpm\nmod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\nmod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.aarch64.rpm\n\nnoarch:\nhttpd-filesystem-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm\nhttpd-manual-2.4.37-51.module+el8.7.0+18026+7b169787.1.noarch.rpm\n\nppc64le:\nhttpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nhttpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nhttpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nhttpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nhttpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nhttpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_http2-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm\nmod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm\nmod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.ppc64le.rpm\nmod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.ppc64le.rpm\nmod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\nmod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.ppc64le.rpm\n\ns390x:\nhttpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nhttpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nhttpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nhttpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nhttpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nhttpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_http2-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm\nmod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm\nmod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.s390x.rpm\nmod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.s390x.rpm\nmod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\nmod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.s390x.rpm\n\nx86_64:\nhttpd-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nhttpd-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nhttpd-debugsource-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nhttpd-devel-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nhttpd-tools-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nhttpd-tools-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_http2-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm\nmod_http2-debuginfo-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm\nmod_http2-debugsource-1.15.7-5.module+el8.6.0+13996+01710940.x86_64.rpm\nmod_ldap-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_ldap-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_md-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm\nmod_md-debuginfo-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm\nmod_md-debugsource-2.0.8-8.module+el8.3.0+6814+67d1e611.x86_64.rpm\nmod_proxy_html-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_proxy_html-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_session-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_session-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_ssl-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\nmod_ssl-debuginfo-2.4.37-51.module+el8.7.0+18026+7b169787.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2006-20001\nhttps://access.redhat.com/security/cve/CVE-2022-36760\nhttps://access.redhat.com/security/cve/CVE-2022-37436\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2023 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY/S5HdzjgjWX9erEAQh4bRAAkF3EgQgukNt/nGFBeSNly7ekQ6MZzwx6\n/g701Jznu0z/XZM4+lhWIB6Au8sDwHyzp9tL3Mmwb1vSDkJfYMEBNpx22Ku4yr78\nAqvAtMbtr3ZRtzlCow12ARhcsoV3mxCNvEs8Gw9ZK7VlJy0bq771jpau14tgZHvU\ncy3IOQgBUbACHoaJ+C4fpSFtd4ewKuYV9VDQrW08ZhYejF32U/0jFeWKPPAv2VFU\ngr9EazXKwQp4QF2d/dMOpmuERQNqRWRYKT7SdWykvCIpOjB1NeJ/iTKBK4hZnm3A\nmalqCf3hnWl/6v+ZFRlb62G1UPzVH3xGfNrkBgN96ktGhJ/i7GYKn04zWioP/0mv\npp5TsME6BT4J7ykw1SCZRDecFBHXyFKA8E08nXG+/aS9CDiHyUfP2mWyo7wx228Y\nxUvZYJQA165zaxSC7PG0W52CGeVYhUnBaa1xZKbG00YE+U+eN7KsHnbv+J7VjSnT\nF2Qm/z4OW1dFZU462VK2XVydYFPBoMormkeHFfOo3N92DdKduOU9rXcL9n++Y8dn\n3tpuinfUc82EXeFm79HkVPaKz2R7/sm+dsylaC5QUkJqcbTahAYF2JgrkyfSWA9/\niY86qqDT17rd84adrQfXojb5hc4AKqVMJZuRJv5OGsj7SH/qiCGbYAtUDLf4C31G\nsw6Iqa1wZ18=EViL\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202309-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: September 08, 2023\n Bugs: #891211, #900416\n ID: 202309-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in Apache HTTPD, the worst\nof which could result in denial of service. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.56\"\n\nReferences\n==========\n\n[ 1 ] CVE-2006-20001\n https://nvd.nist.gov/vuln/detail/CVE-2006-20001\n[ 2 ] CVE-2022-36760\n https://nvd.nist.gov/vuln/detail/CVE-2022-36760\n[ 3 ] CVE-2022-37436\n https://nvd.nist.gov/vuln/detail/CVE-2022-37436\n[ 4 ] CVE-2023-25690\n https://nvd.nist.gov/vuln/detail/CVE-2023-25690\n[ 5 ] CVE-2023-27522\n https://nvd.nist.gov/vuln/detail/CVE-2023-27522\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202309-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.56-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQYqdQACgkQEMKTtsN8\nTjYWeQ//dwKUtLc9oKmjEmiY1QsRsSYdlzMTWA8ow63vdtGD1QU3Xb/CxPSZ22Oh\n8zypNP5qtk3m11JA7npd7RNPpF3Gb1V5ebIlKP7GavGBIrGOmvH31hV3IUP4HoXO\n/mC36BA3twAgyF12HMtdPvj+qaNguYnxXhc02Kt7kl6sq+ybtdCnRnBfJJ2KYXKq\ntjRedc+HJZa0gSuq9fsFbaQF1OPk1jHEO/ixHhISKhEr1mHO+eLN3soQ9gqaEG/a\n/0jLUm1ThiBNeK5jkmCXuIuqwwrGHG16Cl9fIKGps1Yb+ef2aJca7onA4IfyUj1d\n1S7VmCgFFQe+5eAgdcR77mWS8RyEP/lyItY+ifzGG6xR0EUnDgD7ApcqhZBIJCgU\n583Dle+sjvwgb9iSSeNwynqx58Pf4648AJSx6nNlsop4ekE4To5GvKyr/eI3HNqa\nt9BfVtwqRu4GnnurvJFzh5n2wpRl1JbQMFMx/kxb1He5ioayRtru9guViNA3ylgn\nd7lbk8FEsvvzS9MM0RVivlWdzD6+FVFHaWoCcwzv+0dFD6iiG5MJMGUr0pElw+ju\nAs6bnKCCoEHU4HK0rKHlVeB6E3Ch7yF+b6PvzZqCqcOE6RB5/I2Nu9S3L78cZWRU\nnKXf/WHf3Lw+DCB8QKWUBuo0WjkFjmEe/oUCWHGt/UbtXGbSM+E=Bi/w\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 2 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and\nenhancements, which are documented in the Release Notes document linked to\nin the References. Bugs fixed (https://bugzilla.redhat.com/):\n\n2152639 - CVE-2022-43551 curl: HSTS bypass via IDN\n2152652 - CVE-2022-43552 curl: Use-after-free triggered by an HTTP proxy deny response\n2161774 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte\n2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName\n2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation\n2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF\n2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex\n2167797 - CVE-2023-23914 curl: HSTS ignored on multiple requests\n2167813 - CVE-2023-23915 curl: HSTS amnesia with --parallel\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64\n2176209 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy\n\n6. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-20001"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"db": "PACKETSTORM",
"id": "170816"
},
{
"db": "PACKETSTORM",
"id": "170830"
},
{
"db": "PACKETSTORM",
"id": "171178"
},
{
"db": "PACKETSTORM",
"id": "171079"
},
{
"db": "PACKETSTORM",
"id": "174566"
},
{
"db": "PACKETSTORM",
"id": "171415"
},
{
"db": "PACKETSTORM",
"id": "172734"
},
{
"db": "PACKETSTORM",
"id": "172731"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-20001",
"trust": 4.7
},
{
"db": "PACKETSTORM",
"id": "170830",
"trust": 1.3
},
{
"db": "PACKETSTORM",
"id": "170816",
"trust": 1.3
},
{
"db": "AUSCERT",
"id": "ESB-2023.1118",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.3189",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.1517",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.0791",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.1380",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.0586",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.1252",
"trust": 1.2
},
{
"db": "AUSCERT",
"id": "ESB-2023.0612",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99928083",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU90702915",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-11",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-25-133-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-80558",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2006-20001",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171178",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171079",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171415",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172734",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172731",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"db": "PACKETSTORM",
"id": "170816"
},
{
"db": "PACKETSTORM",
"id": "170830"
},
{
"db": "PACKETSTORM",
"id": "171178"
},
{
"db": "PACKETSTORM",
"id": "171079"
},
{
"db": "PACKETSTORM",
"id": "174566"
},
{
"db": "PACKETSTORM",
"id": "171415"
},
{
"db": "PACKETSTORM",
"id": "172734"
},
{
"db": "PACKETSTORM",
"id": "172731"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"id": "VAR-202301-1527",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
}
]
},
"last_update_date": "2026-03-09T22:49:25.232000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2023-217",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server buffer overflow vulnerability (CNVD-2023-80558)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/471781"
},
{
"title": "Apache HTTP Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=222513"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2006-20001"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2006-20001 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202309-01"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-20001"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1380"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1517"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2006-20001/"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0612"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1118"
},
{
"trust": 1.2,
"url": "https://packetstormsecurity.com/files/170816/ubuntu-security-notice-usn-5834-1.html"
},
{
"trust": 1.2,
"url": "https://packetstormsecurity.com/files/170830/ubuntu-security-notice-usn-5839-1.html"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0586"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1252"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3189"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0791"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20230316-0005/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99928083/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90702915/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-133-01"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36760"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2006-20001"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37436"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-25690"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-36760"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37436"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25147"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-23915"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-25690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0215"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43552"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-43552"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0286"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-23914"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4450"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23914"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-0215"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2023-23916"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-4304"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25147"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23915"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43551"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-43551"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2006-20001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5834-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5834-1\u003e"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.54-2ubuntu1.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5839-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.13"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.26"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0970"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0852"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3354"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43680"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-43680"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3355"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"db": "PACKETSTORM",
"id": "170816"
},
{
"db": "PACKETSTORM",
"id": "170830"
},
{
"db": "PACKETSTORM",
"id": "171178"
},
{
"db": "PACKETSTORM",
"id": "171079"
},
{
"db": "PACKETSTORM",
"id": "174566"
},
{
"db": "PACKETSTORM",
"id": "171415"
},
{
"db": "PACKETSTORM",
"id": "172734"
},
{
"db": "PACKETSTORM",
"id": "172731"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"db": "PACKETSTORM",
"id": "170816"
},
{
"db": "PACKETSTORM",
"id": "170830"
},
{
"db": "PACKETSTORM",
"id": "171178"
},
{
"db": "PACKETSTORM",
"id": "171079"
},
{
"db": "PACKETSTORM",
"id": "174566"
},
{
"db": "PACKETSTORM",
"id": "171415"
},
{
"db": "PACKETSTORM",
"id": "172734"
},
{
"db": "PACKETSTORM",
"id": "172731"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"date": "2023-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"date": "2023-01-31T17:16:26",
"db": "PACKETSTORM",
"id": "170816"
},
{
"date": "2023-02-01T17:50:42",
"db": "PACKETSTORM",
"id": "170830"
},
{
"date": "2023-02-28T17:13:39",
"db": "PACKETSTORM",
"id": "171178"
},
{
"date": "2023-02-21T16:50:34",
"db": "PACKETSTORM",
"id": "171079"
},
{
"date": "2023-09-08T20:44:43",
"db": "PACKETSTORM",
"id": "174566"
},
{
"date": "2023-03-21T17:41:11",
"db": "PACKETSTORM",
"id": "171415"
},
{
"date": "2023-06-06T16:30:34",
"db": "PACKETSTORM",
"id": "172734"
},
{
"date": "2023-06-06T16:29:30",
"db": "PACKETSTORM",
"id": "172731"
},
{
"date": "2023-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"date": "2023-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"date": "2023-01-17T20:15:11.177000",
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-80558"
},
{
"date": "2023-01-17T00:00:00",
"db": "VULMON",
"id": "CVE-2006-20001"
},
{
"date": "2023-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1294"
},
{
"date": "2025-09-22T02:55:00",
"db": "JVNDB",
"id": "JVNDB-2006-004077"
},
{
"date": "2025-02-13T17:15:21.913000",
"db": "NVD",
"id": "CVE-2006-20001"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "170816"
},
{
"db": "PACKETSTORM",
"id": "170830"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a02\u00a0 memory read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-004077"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1294"
}
],
"trust": 0.6
}
}
VAR-200705-0688
Vulnerability from variot - Updated: 2026-03-09 22:49The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage.The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend Web servers. The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses. Attackers may exploit this issue to cause denial-of-service conditions. Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected.
A cross-site scripting vulnerability was found in the mod_proxy_ftp module in Apache that allowed remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939).
The updated packages have been patched to prevent these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
Updated Packages:
Mandriva Linux 2007.1: 7ba0fa98b5e5f34f2c3bb5798f300736 2007.1/i586/apache-base-2.2.4-6.5mdv2007.1.i586.rpm 82dccbbcca45d5aba2c7a9afb615ffb7 2007.1/i586/apache-devel-2.2.4-6.5mdv2007.1.i586.rpm 43c50d9ad73f39e88acf35a48915f472 2007.1/i586/apache-htcacheclean-2.2.4-6.5mdv2007.1.i586.rpm 7e7821b41de94eba4e413c4218e72f05 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.i586.rpm 82b527ca5b90f4857ece74972c34bd2b 2007.1/i586/apache-mod_cache-2.2.4-6.5mdv2007.1.i586.rpm 4bc7f0488a4c8ea05446ea04611fa671 2007.1/i586/apache-mod_dav-2.2.4-6.5mdv2007.1.i586.rpm fa53bb715a9733fc5f4ef8a18e8a1577 2007.1/i586/apache-mod_dbd-2.2.4-6.5mdv2007.1.i586.rpm d9759e97fb29783b69ee4bebba96e9d8 2007.1/i586/apache-mod_deflate-2.2.4-6.5mdv2007.1.i586.rpm 9934937a1a7fb3ab277daac03a04fd6e 2007.1/i586/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.i586.rpm 4f16a0af444be1610749287944264d1b 2007.1/i586/apache-mod_file_cache-2.2.4-6.5mdv2007.1.i586.rpm 9b1fc5ab5579bde1fbfb9ae08b18d1ec 2007.1/i586/apache-mod_ldap-2.2.4-6.5mdv2007.1.i586.rpm 9a9029063f10dd3fa81ee4eed3fe5d51 2007.1/i586/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.i586.rpm 6930a06576c337ca7ecaab2a8cf4ca59 2007.1/i586/apache-mod_proxy-2.2.4-6.5mdv2007.1.i586.rpm c7834d18c0999590abb42d3efad7a035 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.i586.rpm 641b5bc3988af4ee0f5600e2d34c1230 2007.1/i586/apache-mod_ssl-2.2.4-6.5mdv2007.1.i586.rpm af9bada6d30145bfaa58be10eec6798b 2007.1/i586/apache-modules-2.2.4-6.5mdv2007.1.i586.rpm 796296888cfb7978fbca22764de10753 2007.1/i586/apache-mod_userdir-2.2.4-6.5mdv2007.1.i586.rpm 110acb3a28bf8e911309afd7d5381950 2007.1/i586/apache-mpm-event-2.2.4-6.5mdv2007.1.i586.rpm 065949244c838c9ec8baf47e66227803 2007.1/i586/apache-mpm-itk-2.2.4-6.5mdv2007.1.i586.rpm ad0e0e109fbed8fc7be0d6b8b36c7503 2007.1/i586/apache-mpm-prefork-2.2.4-6.5mdv2007.1.i586.rpm 31ce817bb36ec93214fdb177f86096cf 2007.1/i586/apache-mpm-worker-2.2.4-6.5mdv2007.1.i586.rpm 5eba2d9af248c7107279f21cd4bde2b3 2007.1/i586/apache-source-2.2.4-6.5mdv2007.1.i586.rpm 012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 5997be8532eccc8f20f5c121895df248 2007.1/x86_64/apache-base-2.2.4-6.5mdv2007.1.x86_64.rpm 096a4e2f17838c847099f2dc41e4ca5a 2007.1/x86_64/apache-devel-2.2.4-6.5mdv2007.1.x86_64.rpm b4f3cd71a3683bcc4e9b1dcdabcbfdaa 2007.1/x86_64/apache-htcacheclean-2.2.4-6.5mdv2007.1.x86_64.rpm f03a92759c1159477f04890092636f27 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm 1bc914605bd0c3b05d455eeb053068e2 2007.1/x86_64/apache-mod_cache-2.2.4-6.5mdv2007.1.x86_64.rpm 3e8aaa6e0d70bdc5f439928f102a5f61 2007.1/x86_64/apache-mod_dav-2.2.4-6.5mdv2007.1.x86_64.rpm a51dabbb6220c17ecdb001cf1444e99f 2007.1/x86_64/apache-mod_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm 1252150d2fc936309c6cb9794627cc8f 2007.1/x86_64/apache-mod_deflate-2.2.4-6.5mdv2007.1.x86_64.rpm bc4878995bfe34a46419a3a6aa090d91 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.x86_64.rpm cd8b213c41d3dce5070483cf2e9d71e2 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.5mdv2007.1.x86_64.rpm ec1a79f3d6defecb3ed2dbf8d85ba98c 2007.1/x86_64/apache-mod_ldap-2.2.4-6.5mdv2007.1.x86_64.rpm 6158e3825e4b7e631f6c6eab65660aab 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.x86_64.rpm 4b01be50b5531dfd3a92189388165c7b 2007.1/x86_64/apache-mod_proxy-2.2.4-6.5mdv2007.1.x86_64.rpm 32735f0b995664e2983c3768473db144 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.x86_64.rpm a1709d589420b97e255a7f5db47e859c 2007.1/x86_64/apache-mod_ssl-2.2.4-6.5mdv2007.1.x86_64.rpm 936c34490fcc180777a3248d9970da5a 2007.1/x86_64/apache-modules-2.2.4-6.5mdv2007.1.x86_64.rpm 0364549013611e3e748a917a6269a61d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.5mdv2007.1.x86_64.rpm 2640fd4b78d98e1aa7a8d994d7610b16 2007.1/x86_64/apache-mpm-event-2.2.4-6.5mdv2007.1.x86_64.rpm 4edad0e4f3119f88d4360d5a11dd3fd4 2007.1/x86_64/apache-mpm-itk-2.2.4-6.5mdv2007.1.x86_64.rpm 6ed107f6f60a88008aa0a21d1133c78e 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.5mdv2007.1.x86_64.rpm c39136dbd1fe0d53b80ed5fb232c775b 2007.1/x86_64/apache-mpm-worker-2.2.4-6.5mdv2007.1.x86_64.rpm 46b245caca2ae8afa49d9e13122cae58 2007.1/x86_64/apache-source-2.2.4-6.5mdv2007.1.x86_64.rpm 012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm
Mandriva Linux 2008.0: 9fba06d7b75a7400faf855f0947f0ead 2008.0/i586/apache-base-2.2.6-8.2mdv2008.0.i586.rpm c560ededd59c4f2556074326363991fe 2008.0/i586/apache-devel-2.2.6-8.2mdv2008.0.i586.rpm 80cb61aff0fc88d4e88074bfaf789e0a 2008.0/i586/apache-htcacheclean-2.2.6-8.2mdv2008.0.i586.rpm 69d3778cb2452189e9586c2f517c67ff 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.i586.rpm 3b965dacd1d53c70b21bcbb45b62b4e4 2008.0/i586/apache-mod_cache-2.2.6-8.2mdv2008.0.i586.rpm 6b780e4611adb7d56bd562334f98c6ef 2008.0/i586/apache-mod_dav-2.2.6-8.2mdv2008.0.i586.rpm 148aad51fd72443d47f8afbf07943fc0 2008.0/i586/apache-mod_dbd-2.2.6-8.2mdv2008.0.i586.rpm e908b7d6220cb636d53a9989ed84337b 2008.0/i586/apache-mod_deflate-2.2.6-8.2mdv2008.0.i586.rpm 3ecc6c18d5ee2e34b6e3c770ce28199a 2008.0/i586/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.i586.rpm 7557a733237c84de3477113a80119656 2008.0/i586/apache-mod_file_cache-2.2.6-8.2mdv2008.0.i586.rpm 586a9e027e6ec327c24f231d1c2705e3 2008.0/i586/apache-mod_ldap-2.2.6-8.2mdv2008.0.i586.rpm de055c23ec9eac3ac78f6a31146db8a9 2008.0/i586/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.i586.rpm 4a32c704527fd42c97ffb8be87531363 2008.0/i586/apache-mod_proxy-2.2.6-8.2mdv2008.0.i586.rpm ad7bdc0861c42629366b0c4f0552eb0a 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.i586.rpm 0ae1b7ba57162f8ae870e08e48f0d964 2008.0/i586/apache-mod_ssl-2.2.6-8.2mdv2008.0.i586.rpm 2d848e1ee979d12c66ef10b638ebce6e 2008.0/i586/apache-modules-2.2.6-8.2mdv2008.0.i586.rpm 085e672acacd0642f2baa8bce631b26b 2008.0/i586/apache-mod_userdir-2.2.6-8.2mdv2008.0.i586.rpm 3564507283ffddfaa528991d514ce3c4 2008.0/i586/apache-mpm-event-2.2.6-8.2mdv2008.0.i586.rpm 360033e8459d52a323753246d977eb2b 2008.0/i586/apache-mpm-itk-2.2.6-8.2mdv2008.0.i586.rpm ca4c9127740d3a433087031c706878ab 2008.0/i586/apache-mpm-prefork-2.2.6-8.2mdv2008.0.i586.rpm b892724c9776743f777ebf9da44159a8 2008.0/i586/apache-mpm-worker-2.2.6-8.2mdv2008.0.i586.rpm 15cc53561ac91ba3f89af6c2057726a7 2008.0/i586/apache-source-2.2.6-8.2mdv2008.0.i586.rpm fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: f5c28f5db00c8d87e77bbe8b387c29e1 2008.0/x86_64/apache-base-2.2.6-8.2mdv2008.0.x86_64.rpm 2ea378183715ca15ead2b60c0ba6d1f3 2008.0/x86_64/apache-devel-2.2.6-8.2mdv2008.0.x86_64.rpm d15052d92f5918f47be634f052f5c8f8 2008.0/x86_64/apache-htcacheclean-2.2.6-8.2mdv2008.0.x86_64.rpm e00bae3dea071434ee63a0708f9cb2c9 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm e16ceda13087b1e924b1233fa4c58568 2008.0/x86_64/apache-mod_cache-2.2.6-8.2mdv2008.0.x86_64.rpm 86ddeb3f207a928c537a1bac4a3b59f1 2008.0/x86_64/apache-mod_dav-2.2.6-8.2mdv2008.0.x86_64.rpm 2a239f7bd6a3e74a29b69f29f217fd98 2008.0/x86_64/apache-mod_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm 6c3faec4fd23ed64ecbf508097fa948c 2008.0/x86_64/apache-mod_deflate-2.2.6-8.2mdv2008.0.x86_64.rpm 286c89f9021f2e766324f52196b6e03f 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.x86_64.rpm 480c9861c06f5b535bcd0bd87e225023 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.2mdv2008.0.x86_64.rpm 61ed284bda26162a1da185a2aedca12e 2008.0/x86_64/apache-mod_ldap-2.2.6-8.2mdv2008.0.x86_64.rpm 2c8670da45ffbff476a189f4af7eecb3 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.x86_64.rpm bee8fdde4536e497abfc7e48dd659689 2008.0/x86_64/apache-mod_proxy-2.2.6-8.2mdv2008.0.x86_64.rpm d45fe91cccf27cd403cfb2fd2f5bb5ba 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.x86_64.rpm d9becf61089cb4dc0b224e4fccb11fb4 2008.0/x86_64/apache-mod_ssl-2.2.6-8.2mdv2008.0.x86_64.rpm 62ac5f1ec4c984dce76176203f5eeb6e 2008.0/x86_64/apache-modules-2.2.6-8.2mdv2008.0.x86_64.rpm 7042049d1d0b99c1e7f46142d6993761 2008.0/x86_64/apache-mod_userdir-2.2.6-8.2mdv2008.0.x86_64.rpm bd06a8f2c4074d5722556c38c5e0dc03 2008.0/x86_64/apache-mpm-event-2.2.6-8.2mdv2008.0.x86_64.rpm 6848d1ad52463fbf9de4631b22a4dd81 2008.0/x86_64/apache-mpm-itk-2.2.6-8.2mdv2008.0.x86_64.rpm 6bc3fee77b90a73d54dba755a96f4e11 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.2mdv2008.0.x86_64.rpm e9b20462aef79d790d604da2e59cc503 2008.0/x86_64/apache-mpm-worker-2.2.6-8.2mdv2008.0.x86_64.rpm a378e191f066f819419106a65e472535 2008.0/x86_64/apache-source-2.2.6-8.2mdv2008.0.x86_64.rpm fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 19bd0997c144cfd6c0792227f97c840a 2008.1/i586/apache-base-2.2.8-6.1mdv2008.1.i586.rpm c0bc6f89d51f7aeb0a907155ce424e63 2008.1/i586/apache-devel-2.2.8-6.1mdv2008.1.i586.rpm 38019754e020560317f9e4143c31120b 2008.1/i586/apache-htcacheclean-2.2.8-6.1mdv2008.1.i586.rpm 9d4d3b487b9e4a930e0dfad6f9a86b11 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.i586.rpm dcd9a987da631e20f0af5825c7a0f4cf 2008.1/i586/apache-mod_cache-2.2.8-6.1mdv2008.1.i586.rpm 9d77821dcb46af8c01e7dd30a74fd3f5 2008.1/i586/apache-mod_dav-2.2.8-6.1mdv2008.1.i586.rpm 7ec8c8bec08a8c7812e93ae6f630d721 2008.1/i586/apache-mod_dbd-2.2.8-6.1mdv2008.1.i586.rpm 4b3f7f658ca523658fcff97884404569 2008.1/i586/apache-mod_deflate-2.2.8-6.1mdv2008.1.i586.rpm 838d9649e9f9850ff7f50a9686783958 2008.1/i586/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.i586.rpm 114c083f976c1c59f9ed2fc7865f47b9 2008.1/i586/apache-mod_file_cache-2.2.8-6.1mdv2008.1.i586.rpm efc293cd668271a0131d84a9776e7cb4 2008.1/i586/apache-mod_ldap-2.2.8-6.1mdv2008.1.i586.rpm e1e2413f175fa207ffb8d5ce2903439f 2008.1/i586/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.i586.rpm 80e42fb54b7c926bd4ae6c8869bfe2b4 2008.1/i586/apache-mod_proxy-2.2.8-6.1mdv2008.1.i586.rpm b14cb1c38ff72f65af3dc26f419248b2 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.i586.rpm 222d326db8d3d9c7ff49a5edf54ad460 2008.1/i586/apache-mod_ssl-2.2.8-6.1mdv2008.1.i586.rpm 8d4d65f206604150103a767559ce4ac0 2008.1/i586/apache-modules-2.2.8-6.1mdv2008.1.i586.rpm a02bf7d7cd6cb86b24728055f31e00e8 2008.1/i586/apache-mod_userdir-2.2.8-6.1mdv2008.1.i586.rpm 762b5a44d6ab770663e7802db5880c5c 2008.1/i586/apache-mpm-event-2.2.8-6.1mdv2008.1.i586.rpm 1ad89877cf9e1d19c9c0ae31da79cc4b 2008.1/i586/apache-mpm-itk-2.2.8-6.1mdv2008.1.i586.rpm 9e88d760212153696531a36e44e599da 2008.1/i586/apache-mpm-prefork-2.2.8-6.1mdv2008.1.i586.rpm f50d7edde588f2439aa4e831a63c35d7 2008.1/i586/apache-mpm-worker-2.2.8-6.1mdv2008.1.i586.rpm a9f60a580681ac55bc61ae250326dc6a 2008.1/i586/apache-source-2.2.8-6.1mdv2008.1.i586.rpm ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 7aafb608166a15e6373c11011e72117d 2008.1/x86_64/apache-base-2.2.8-6.1mdv2008.1.x86_64.rpm 9c39fe151fc9261c77fc5484f793358d 2008.1/x86_64/apache-devel-2.2.8-6.1mdv2008.1.x86_64.rpm d5dd9482dbfed961af363261f769a136 2008.1/x86_64/apache-htcacheclean-2.2.8-6.1mdv2008.1.x86_64.rpm a839a342ce15d6076907fa85b652ac45 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm c1cdf8ea93464f350cd5a97282a963a8 2008.1/x86_64/apache-mod_cache-2.2.8-6.1mdv2008.1.x86_64.rpm 0ebe3595df3974b090e1e41653a61ac8 2008.1/x86_64/apache-mod_dav-2.2.8-6.1mdv2008.1.x86_64.rpm 50d80ef4989cecf6d9b4d3a36e91c3f8 2008.1/x86_64/apache-mod_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm 89badb88265d34c6b4dafcbd7240618d 2008.1/x86_64/apache-mod_deflate-2.2.8-6.1mdv2008.1.x86_64.rpm 6814c312ec71fa619e1533f08ed3d1fa 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.x86_64.rpm ea7900772a2a78ba4913c41762c39069 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.1mdv2008.1.x86_64.rpm b146eaeb311a6107d51413bc29d70315 2008.1/x86_64/apache-mod_ldap-2.2.8-6.1mdv2008.1.x86_64.rpm 7198b641d46ea2f24664c4a9d02b9063 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.x86_64.rpm e04cdfbbad417123adae10cf13a2b626 2008.1/x86_64/apache-mod_proxy-2.2.8-6.1mdv2008.1.x86_64.rpm 8f9a04efe7760b08220b27f1cabd8a49 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.x86_64.rpm 8ed701d6c742a5e60196653f79989a8a 2008.1/x86_64/apache-mod_ssl-2.2.8-6.1mdv2008.1.x86_64.rpm 3beb942d20bf63c2bc8cef202ef0e0aa 2008.1/x86_64/apache-modules-2.2.8-6.1mdv2008.1.x86_64.rpm fd40ed97d50b583c7f21a686d8146c7d 2008.1/x86_64/apache-mod_userdir-2.2.8-6.1mdv2008.1.x86_64.rpm f7451170b9c2c7f3f55a0d44567bebfe 2008.1/x86_64/apache-mpm-event-2.2.8-6.1mdv2008.1.x86_64.rpm 6e1b59583a15313f8dbf347170ec581d 2008.1/x86_64/apache-mpm-itk-2.2.8-6.1mdv2008.1.x86_64.rpm b60967808f886fc4444054fe4ba685fd 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.1mdv2008.1.x86_64.rpm 0ab90ebae3fcfd1fa809e62e546222db 2008.1/x86_64/apache-mpm-worker-2.2.8-6.1mdv2008.1.x86_64.rpm 7726d40130eb5a14d8cf272cd08f7485 2008.1/x86_64/apache-source-2.2.8-6.1mdv2008.1.x86_64.rpm ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm
Corporate 4.0: b59bbaecc0f3c6301bee564c2862430a corporate/4.0/i586/apache-base-2.2.3-1.4.20060mlcs4.i586.rpm b3141af91788ac68afd1cfb34426cec3 corporate/4.0/i586/apache-devel-2.2.3-1.4.20060mlcs4.i586.rpm 309db27fc902b7eb77e0fd2b5e03359f corporate/4.0/i586/apache-htcacheclean-2.2.3-1.4.20060mlcs4.i586.rpm 8e7d56d01a51b7239b080765fd858088 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.i586.rpm 8e6bd8c3a89f5f277fb56e60b37bb6a9 corporate/4.0/i586/apache-mod_cache-2.2.3-1.4.20060mlcs4.i586.rpm fd99c7e58d56eb14a0e94c27edb2daf2 corporate/4.0/i586/apache-mod_dav-2.2.3-1.4.20060mlcs4.i586.rpm 75968093eca9011dd115d948c44f29ba corporate/4.0/i586/apache-mod_dbd-2.2.3-1.4.20060mlcs4.i586.rpm ba5118b4c1caa7e4b75229b5643b06b9 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.4.20060mlcs4.i586.rpm abb27116fae7ff7d319516c0f9a0a5e4 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.i586.rpm e1bb6ed7fb0fbb39f762a932f34dc67b corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.i586.rpm a3d85c92d66a0ca0ed6dc6a6c6df23b4 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.4.20060mlcs4.i586.rpm eca828a6bd374d98af6fd785aa6970af corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.i586.rpm 8e28a95bd7f655c5b98c7405ca74de18 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.4.20060mlcs4.i586.rpm 23a2687957dae00dadc44b864032a838 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.i586.rpm a4a143aa2f9f8b1d3cedf68429a90fa4 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.4.20060mlcs4.i586.rpm 779cf371acd7012ac1acfaac0062a38a corporate/4.0/i586/apache-modules-2.2.3-1.4.20060mlcs4.i586.rpm e1a8927f0cfd3a08ca2af42ebc64932e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.4.20060mlcs4.i586.rpm 3415eea7176bb392b87540c2bfcfed2b corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.i586.rpm 9b79811544ad30fd91608d5839b521eb corporate/4.0/i586/apache-mpm-worker-2.2.3-1.4.20060mlcs4.i586.rpm 1403616f0ba1cbcc552f7e33a32b303f corporate/4.0/i586/apache-source-2.2.3-1.4.20060mlcs4.i586.rpm fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64: e46ce6fe84b67d3d6caf6782d9352555 corporate/4.0/x86_64/apache-base-2.2.3-1.4.20060mlcs4.x86_64.rpm 5b1993dca50465213ca285d3fc38bc07 corporate/4.0/x86_64/apache-devel-2.2.3-1.4.20060mlcs4.x86_64.rpm 7076dbe94461207aa2399b887e6b669f corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.4.20060mlcs4.x86_64.rpm e51acf392e315892cfc60ef342b3e9f0 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm 270e619d353fa9348b2d5713e660bb69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm 8e8ae8e260b69d7150c6d7f8162eb261 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.4.20060mlcs4.x86_64.rpm 11fc6ca48580398733c9c26c6097aeb8 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm 6750c2039c64dd866146d240f06b302f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.4.20060mlcs4.x86_64.rpm 0c7db97343700984a02d6365069bfbd5 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm d60aa90ac7a459f237a6c0ed190b0ea1 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm 873b63a672417971078076a5e3e4f363 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.4.20060mlcs4.x86_64.rpm d964415079d86d6c6ff78381e3dfe8ef corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm c014bede921593c1035d8a1488909ab9 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.4.20060mlcs4.x86_64.rpm d4469077e683ea2a034bfb35be9ca8f6 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.x86_64.rpm 35638d36e7c4832f70460294ef496d33 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.4.20060mlcs4.x86_64.rpm de62531cfcf279b966c08940df7dc298 corporate/4.0/x86_64/apache-modules-2.2.3-1.4.20060mlcs4.x86_64.rpm a44db8a0824aa8ec654338640e30e14c corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.4.20060mlcs4.x86_64.rpm be326111f9e8dd9fb0a9a7699f7f99dd corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.x86_64.rpm 3b29042dd082e4f0f8e04fbff2f14c23 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.4.20060mlcs4.x86_64.rpm 576aed8c357f707db0e488e13b68834c corporate/4.0/x86_64/apache-source-2.2.3-1.4.20060mlcs4.x86_64.rpm fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIzBUvmqjQ0CJFipgRApHOAKCvASwDjqj110UnAsle/Jtgw9VwhwCg7zVf 0jg30niEBGmySzuHETORyts= =wMau -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
This update also provides HTTP/1.1 compliance fixes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-06
http://security.gentoo.org/
Severity: Normal Title: Apache: Denial of Service Date: July 09, 2008 Bugs: #222643, #227111 ID: 200807-06
Synopsis
Multiple vulnerabilities in Apache might lead to a Denial of Service.
Background
The Apache HTTP server is one of the most popular web servers on the Internet.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.9 >= 2.2.9
Description
Multiple vulnerabilities have been discovered in Apache:
-
Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678).
-
sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).
Impact
A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially-crafted URL, resulting in a Denial of Service of the Apache daemon.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"
References
[ 1 ] CVE-2007-6420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420 [ 2 ] CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 [ 3 ] CVE-2008-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200807-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01539432 Version: 1
HPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-08-26 Last Updated: 2008-08-27
Potential Security Impact: Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS).
References: CVE-2007-4465, CVE-2008-2168, CVE-2008-2364
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.05 and previous
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following software updates to resolve the vulnerabilities.
The updates are available for download from:
URL: ftp://srt80118:srt80118@hprc.external.hp.com
HP-UX Release - B.11.11 (IPv4 and IPv6) Apache Depot name - HPUXWSA-B219-03-1111ipv6.depot MD5 Sum - 166ac363bed403ba5eba2ad02863315d
HP-UX Release - B.11.23 PA-32 Apache Depot name - HPUXWSA-B219-03-1123-32.depot MD5 Sum - b59c377a377c86067115012c19b316f5
HP-UX Release - B.11.23 IA-64 Apache Depot name - HPUXWSA-B219-03-1123-64.depot MD5 Sum - 083b501f0ab2cc30cb536bcbc6eb65ff
HP-UX Release - B.11.31 PA-32 Apache Depot name - HPUXWSA-B219-03-1131-32.depot MD5 Sum - f1927dd378a4656412aadd8005da0b1b
HP-UX Release - B.11.31 IA-64 Apache Depot name - HPUXWSA-B219-03-1131-64.depot MD5 Sum - af7f377e215cb7c988bc07ca5f30190f
MANUAL ACTIONS: Yes - Update plus other actions Install Apache v2.0.59.07.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Apache IPv4 and IPv6 HP-UX B.11.11 ============= hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.07.01 or subsequent and restart Apache URL: ftp://srt80118:srt80118@hprc.external.hp.com
HP-UX B.11.23
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.07.01 or subsequent and restart Apache URL: ftp://srt80118:srt80118@hprc.external.hp.com
HP-UX B.11.31
hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.07.01 or subsequent and restart Apache URL: ftp://srt80118:srt80118@hprc.external.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 27 August 2008 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSLXYA+AfOvwtKn1ZEQKjbgCgrQpfuEwWWBX9qs1Iyq282KP4alwAnR/y 5nAFOH72tNKo5XvbFV534DO8 =vaoD -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
The vulnerability is caused due to an unspecified error, which can be exploited to cause a high memory usage when the application is used as a reverse proxy.
Please see the vendor's advisory for a full list of affected products.
SOLUTION: Update to a fixed version. See vendor advisory for details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html
OTHER REFERENCES: http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200705-0688",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.7"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.64"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.10"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "9"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "8"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "web server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.63"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "http server roll up",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.22"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "os/400 v5r4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "i5/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.01"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
}
],
"sources": [
{
"db": "BID",
"id": "29653"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ryujiro Shibuya",
"sources": [
{
"db": "BID",
"id": "29653"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
}
],
"trust": 0.9
},
"cve": "CVE-2008-2364",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-2364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2009-001740",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2364",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2009-001740",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200806-186",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-2364",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage.The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend Web servers. The Apache \u0027mod_proxy_http\u0027 module is prone to a denial-of-service vulnerability that affects the processing of interim responses. \nAttackers may exploit this issue to cause denial-of-service conditions. \nReportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. \n \n A cross-site scripting vulnerability was found in the mod_proxy_ftp\n module in Apache that allowed remote attackers to inject arbitrary\n web script or HTML via wildcards in a pathname in an FTP URI\n (CVE-2008-2939). \n \n The updated packages have been patched to prevent these issues. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2007.1:\n 7ba0fa98b5e5f34f2c3bb5798f300736 2007.1/i586/apache-base-2.2.4-6.5mdv2007.1.i586.rpm\n 82dccbbcca45d5aba2c7a9afb615ffb7 2007.1/i586/apache-devel-2.2.4-6.5mdv2007.1.i586.rpm\n 43c50d9ad73f39e88acf35a48915f472 2007.1/i586/apache-htcacheclean-2.2.4-6.5mdv2007.1.i586.rpm\n 7e7821b41de94eba4e413c4218e72f05 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.i586.rpm\n 82b527ca5b90f4857ece74972c34bd2b 2007.1/i586/apache-mod_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 4bc7f0488a4c8ea05446ea04611fa671 2007.1/i586/apache-mod_dav-2.2.4-6.5mdv2007.1.i586.rpm\n fa53bb715a9733fc5f4ef8a18e8a1577 2007.1/i586/apache-mod_dbd-2.2.4-6.5mdv2007.1.i586.rpm\n d9759e97fb29783b69ee4bebba96e9d8 2007.1/i586/apache-mod_deflate-2.2.4-6.5mdv2007.1.i586.rpm\n 9934937a1a7fb3ab277daac03a04fd6e 2007.1/i586/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 4f16a0af444be1610749287944264d1b 2007.1/i586/apache-mod_file_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 9b1fc5ab5579bde1fbfb9ae08b18d1ec 2007.1/i586/apache-mod_ldap-2.2.4-6.5mdv2007.1.i586.rpm\n 9a9029063f10dd3fa81ee4eed3fe5d51 2007.1/i586/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.i586.rpm\n 6930a06576c337ca7ecaab2a8cf4ca59 2007.1/i586/apache-mod_proxy-2.2.4-6.5mdv2007.1.i586.rpm\n c7834d18c0999590abb42d3efad7a035 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.i586.rpm\n 641b5bc3988af4ee0f5600e2d34c1230 2007.1/i586/apache-mod_ssl-2.2.4-6.5mdv2007.1.i586.rpm\n af9bada6d30145bfaa58be10eec6798b 2007.1/i586/apache-modules-2.2.4-6.5mdv2007.1.i586.rpm\n 796296888cfb7978fbca22764de10753 2007.1/i586/apache-mod_userdir-2.2.4-6.5mdv2007.1.i586.rpm\n 110acb3a28bf8e911309afd7d5381950 2007.1/i586/apache-mpm-event-2.2.4-6.5mdv2007.1.i586.rpm\n 065949244c838c9ec8baf47e66227803 2007.1/i586/apache-mpm-itk-2.2.4-6.5mdv2007.1.i586.rpm\n ad0e0e109fbed8fc7be0d6b8b36c7503 2007.1/i586/apache-mpm-prefork-2.2.4-6.5mdv2007.1.i586.rpm\n 31ce817bb36ec93214fdb177f86096cf 2007.1/i586/apache-mpm-worker-2.2.4-6.5mdv2007.1.i586.rpm\n 5eba2d9af248c7107279f21cd4bde2b3 2007.1/i586/apache-source-2.2.4-6.5mdv2007.1.i586.rpm \n 012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 5997be8532eccc8f20f5c121895df248 2007.1/x86_64/apache-base-2.2.4-6.5mdv2007.1.x86_64.rpm\n 096a4e2f17838c847099f2dc41e4ca5a 2007.1/x86_64/apache-devel-2.2.4-6.5mdv2007.1.x86_64.rpm\n b4f3cd71a3683bcc4e9b1dcdabcbfdaa 2007.1/x86_64/apache-htcacheclean-2.2.4-6.5mdv2007.1.x86_64.rpm\n f03a92759c1159477f04890092636f27 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm\n 1bc914605bd0c3b05d455eeb053068e2 2007.1/x86_64/apache-mod_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n 3e8aaa6e0d70bdc5f439928f102a5f61 2007.1/x86_64/apache-mod_dav-2.2.4-6.5mdv2007.1.x86_64.rpm\n a51dabbb6220c17ecdb001cf1444e99f 2007.1/x86_64/apache-mod_dbd-2.2.4-6.5mdv2007.1.x86_64.rpm\n 1252150d2fc936309c6cb9794627cc8f 2007.1/x86_64/apache-mod_deflate-2.2.4-6.5mdv2007.1.x86_64.rpm\n bc4878995bfe34a46419a3a6aa090d91 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n cd8b213c41d3dce5070483cf2e9d71e2 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n ec1a79f3d6defecb3ed2dbf8d85ba98c 2007.1/x86_64/apache-mod_ldap-2.2.4-6.5mdv2007.1.x86_64.rpm\n 6158e3825e4b7e631f6c6eab65660aab 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.5mdv2007.1.x86_64.rpm\n 4b01be50b5531dfd3a92189388165c7b 2007.1/x86_64/apache-mod_proxy-2.2.4-6.5mdv2007.1.x86_64.rpm\n 32735f0b995664e2983c3768473db144 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.5mdv2007.1.x86_64.rpm\n a1709d589420b97e255a7f5db47e859c 2007.1/x86_64/apache-mod_ssl-2.2.4-6.5mdv2007.1.x86_64.rpm\n 936c34490fcc180777a3248d9970da5a 2007.1/x86_64/apache-modules-2.2.4-6.5mdv2007.1.x86_64.rpm\n 0364549013611e3e748a917a6269a61d 2007.1/x86_64/apache-mod_userdir-2.2.4-6.5mdv2007.1.x86_64.rpm\n 2640fd4b78d98e1aa7a8d994d7610b16 2007.1/x86_64/apache-mpm-event-2.2.4-6.5mdv2007.1.x86_64.rpm\n 4edad0e4f3119f88d4360d5a11dd3fd4 2007.1/x86_64/apache-mpm-itk-2.2.4-6.5mdv2007.1.x86_64.rpm\n 6ed107f6f60a88008aa0a21d1133c78e 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.5mdv2007.1.x86_64.rpm\n c39136dbd1fe0d53b80ed5fb232c775b 2007.1/x86_64/apache-mpm-worker-2.2.4-6.5mdv2007.1.x86_64.rpm\n 46b245caca2ae8afa49d9e13122cae58 2007.1/x86_64/apache-source-2.2.4-6.5mdv2007.1.x86_64.rpm \n 012cdfd939633fa3feae44c7d7bec736 2007.1/SRPMS/apache-2.2.4-6.5mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 9fba06d7b75a7400faf855f0947f0ead 2008.0/i586/apache-base-2.2.6-8.2mdv2008.0.i586.rpm\n c560ededd59c4f2556074326363991fe 2008.0/i586/apache-devel-2.2.6-8.2mdv2008.0.i586.rpm\n 80cb61aff0fc88d4e88074bfaf789e0a 2008.0/i586/apache-htcacheclean-2.2.6-8.2mdv2008.0.i586.rpm\n 69d3778cb2452189e9586c2f517c67ff 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.i586.rpm\n 3b965dacd1d53c70b21bcbb45b62b4e4 2008.0/i586/apache-mod_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 6b780e4611adb7d56bd562334f98c6ef 2008.0/i586/apache-mod_dav-2.2.6-8.2mdv2008.0.i586.rpm\n 148aad51fd72443d47f8afbf07943fc0 2008.0/i586/apache-mod_dbd-2.2.6-8.2mdv2008.0.i586.rpm\n e908b7d6220cb636d53a9989ed84337b 2008.0/i586/apache-mod_deflate-2.2.6-8.2mdv2008.0.i586.rpm\n 3ecc6c18d5ee2e34b6e3c770ce28199a 2008.0/i586/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 7557a733237c84de3477113a80119656 2008.0/i586/apache-mod_file_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 586a9e027e6ec327c24f231d1c2705e3 2008.0/i586/apache-mod_ldap-2.2.6-8.2mdv2008.0.i586.rpm\n de055c23ec9eac3ac78f6a31146db8a9 2008.0/i586/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.i586.rpm\n 4a32c704527fd42c97ffb8be87531363 2008.0/i586/apache-mod_proxy-2.2.6-8.2mdv2008.0.i586.rpm\n ad7bdc0861c42629366b0c4f0552eb0a 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.i586.rpm\n 0ae1b7ba57162f8ae870e08e48f0d964 2008.0/i586/apache-mod_ssl-2.2.6-8.2mdv2008.0.i586.rpm\n 2d848e1ee979d12c66ef10b638ebce6e 2008.0/i586/apache-modules-2.2.6-8.2mdv2008.0.i586.rpm\n 085e672acacd0642f2baa8bce631b26b 2008.0/i586/apache-mod_userdir-2.2.6-8.2mdv2008.0.i586.rpm\n 3564507283ffddfaa528991d514ce3c4 2008.0/i586/apache-mpm-event-2.2.6-8.2mdv2008.0.i586.rpm\n 360033e8459d52a323753246d977eb2b 2008.0/i586/apache-mpm-itk-2.2.6-8.2mdv2008.0.i586.rpm\n ca4c9127740d3a433087031c706878ab 2008.0/i586/apache-mpm-prefork-2.2.6-8.2mdv2008.0.i586.rpm\n b892724c9776743f777ebf9da44159a8 2008.0/i586/apache-mpm-worker-2.2.6-8.2mdv2008.0.i586.rpm\n 15cc53561ac91ba3f89af6c2057726a7 2008.0/i586/apache-source-2.2.6-8.2mdv2008.0.i586.rpm \n fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n f5c28f5db00c8d87e77bbe8b387c29e1 2008.0/x86_64/apache-base-2.2.6-8.2mdv2008.0.x86_64.rpm\n 2ea378183715ca15ead2b60c0ba6d1f3 2008.0/x86_64/apache-devel-2.2.6-8.2mdv2008.0.x86_64.rpm\n d15052d92f5918f47be634f052f5c8f8 2008.0/x86_64/apache-htcacheclean-2.2.6-8.2mdv2008.0.x86_64.rpm\n e00bae3dea071434ee63a0708f9cb2c9 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm\n e16ceda13087b1e924b1233fa4c58568 2008.0/x86_64/apache-mod_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n 86ddeb3f207a928c537a1bac4a3b59f1 2008.0/x86_64/apache-mod_dav-2.2.6-8.2mdv2008.0.x86_64.rpm\n 2a239f7bd6a3e74a29b69f29f217fd98 2008.0/x86_64/apache-mod_dbd-2.2.6-8.2mdv2008.0.x86_64.rpm\n 6c3faec4fd23ed64ecbf508097fa948c 2008.0/x86_64/apache-mod_deflate-2.2.6-8.2mdv2008.0.x86_64.rpm\n 286c89f9021f2e766324f52196b6e03f 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n 480c9861c06f5b535bcd0bd87e225023 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n 61ed284bda26162a1da185a2aedca12e 2008.0/x86_64/apache-mod_ldap-2.2.6-8.2mdv2008.0.x86_64.rpm\n 2c8670da45ffbff476a189f4af7eecb3 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.2mdv2008.0.x86_64.rpm\n bee8fdde4536e497abfc7e48dd659689 2008.0/x86_64/apache-mod_proxy-2.2.6-8.2mdv2008.0.x86_64.rpm\n d45fe91cccf27cd403cfb2fd2f5bb5ba 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.2mdv2008.0.x86_64.rpm\n d9becf61089cb4dc0b224e4fccb11fb4 2008.0/x86_64/apache-mod_ssl-2.2.6-8.2mdv2008.0.x86_64.rpm\n 62ac5f1ec4c984dce76176203f5eeb6e 2008.0/x86_64/apache-modules-2.2.6-8.2mdv2008.0.x86_64.rpm\n 7042049d1d0b99c1e7f46142d6993761 2008.0/x86_64/apache-mod_userdir-2.2.6-8.2mdv2008.0.x86_64.rpm\n bd06a8f2c4074d5722556c38c5e0dc03 2008.0/x86_64/apache-mpm-event-2.2.6-8.2mdv2008.0.x86_64.rpm\n 6848d1ad52463fbf9de4631b22a4dd81 2008.0/x86_64/apache-mpm-itk-2.2.6-8.2mdv2008.0.x86_64.rpm\n 6bc3fee77b90a73d54dba755a96f4e11 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.2mdv2008.0.x86_64.rpm\n e9b20462aef79d790d604da2e59cc503 2008.0/x86_64/apache-mpm-worker-2.2.6-8.2mdv2008.0.x86_64.rpm\n a378e191f066f819419106a65e472535 2008.0/x86_64/apache-source-2.2.6-8.2mdv2008.0.x86_64.rpm \n fb2e547dc2b02b0d55384751729d8c2a 2008.0/SRPMS/apache-2.2.6-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 19bd0997c144cfd6c0792227f97c840a 2008.1/i586/apache-base-2.2.8-6.1mdv2008.1.i586.rpm\n c0bc6f89d51f7aeb0a907155ce424e63 2008.1/i586/apache-devel-2.2.8-6.1mdv2008.1.i586.rpm\n 38019754e020560317f9e4143c31120b 2008.1/i586/apache-htcacheclean-2.2.8-6.1mdv2008.1.i586.rpm\n 9d4d3b487b9e4a930e0dfad6f9a86b11 2008.1/i586/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.i586.rpm\n dcd9a987da631e20f0af5825c7a0f4cf 2008.1/i586/apache-mod_cache-2.2.8-6.1mdv2008.1.i586.rpm\n 9d77821dcb46af8c01e7dd30a74fd3f5 2008.1/i586/apache-mod_dav-2.2.8-6.1mdv2008.1.i586.rpm\n 7ec8c8bec08a8c7812e93ae6f630d721 2008.1/i586/apache-mod_dbd-2.2.8-6.1mdv2008.1.i586.rpm\n 4b3f7f658ca523658fcff97884404569 2008.1/i586/apache-mod_deflate-2.2.8-6.1mdv2008.1.i586.rpm\n 838d9649e9f9850ff7f50a9686783958 2008.1/i586/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.i586.rpm\n 114c083f976c1c59f9ed2fc7865f47b9 2008.1/i586/apache-mod_file_cache-2.2.8-6.1mdv2008.1.i586.rpm\n efc293cd668271a0131d84a9776e7cb4 2008.1/i586/apache-mod_ldap-2.2.8-6.1mdv2008.1.i586.rpm\n e1e2413f175fa207ffb8d5ce2903439f 2008.1/i586/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.i586.rpm\n 80e42fb54b7c926bd4ae6c8869bfe2b4 2008.1/i586/apache-mod_proxy-2.2.8-6.1mdv2008.1.i586.rpm\n b14cb1c38ff72f65af3dc26f419248b2 2008.1/i586/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.i586.rpm\n 222d326db8d3d9c7ff49a5edf54ad460 2008.1/i586/apache-mod_ssl-2.2.8-6.1mdv2008.1.i586.rpm\n 8d4d65f206604150103a767559ce4ac0 2008.1/i586/apache-modules-2.2.8-6.1mdv2008.1.i586.rpm\n a02bf7d7cd6cb86b24728055f31e00e8 2008.1/i586/apache-mod_userdir-2.2.8-6.1mdv2008.1.i586.rpm\n 762b5a44d6ab770663e7802db5880c5c 2008.1/i586/apache-mpm-event-2.2.8-6.1mdv2008.1.i586.rpm\n 1ad89877cf9e1d19c9c0ae31da79cc4b 2008.1/i586/apache-mpm-itk-2.2.8-6.1mdv2008.1.i586.rpm\n 9e88d760212153696531a36e44e599da 2008.1/i586/apache-mpm-prefork-2.2.8-6.1mdv2008.1.i586.rpm\n f50d7edde588f2439aa4e831a63c35d7 2008.1/i586/apache-mpm-worker-2.2.8-6.1mdv2008.1.i586.rpm\n a9f60a580681ac55bc61ae250326dc6a 2008.1/i586/apache-source-2.2.8-6.1mdv2008.1.i586.rpm \n ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 7aafb608166a15e6373c11011e72117d 2008.1/x86_64/apache-base-2.2.8-6.1mdv2008.1.x86_64.rpm\n 9c39fe151fc9261c77fc5484f793358d 2008.1/x86_64/apache-devel-2.2.8-6.1mdv2008.1.x86_64.rpm\n d5dd9482dbfed961af363261f769a136 2008.1/x86_64/apache-htcacheclean-2.2.8-6.1mdv2008.1.x86_64.rpm\n a839a342ce15d6076907fa85b652ac45 2008.1/x86_64/apache-mod_authn_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm\n c1cdf8ea93464f350cd5a97282a963a8 2008.1/x86_64/apache-mod_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n 0ebe3595df3974b090e1e41653a61ac8 2008.1/x86_64/apache-mod_dav-2.2.8-6.1mdv2008.1.x86_64.rpm\n 50d80ef4989cecf6d9b4d3a36e91c3f8 2008.1/x86_64/apache-mod_dbd-2.2.8-6.1mdv2008.1.x86_64.rpm\n 89badb88265d34c6b4dafcbd7240618d 2008.1/x86_64/apache-mod_deflate-2.2.8-6.1mdv2008.1.x86_64.rpm\n 6814c312ec71fa619e1533f08ed3d1fa 2008.1/x86_64/apache-mod_disk_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n ea7900772a2a78ba4913c41762c39069 2008.1/x86_64/apache-mod_file_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n b146eaeb311a6107d51413bc29d70315 2008.1/x86_64/apache-mod_ldap-2.2.8-6.1mdv2008.1.x86_64.rpm\n 7198b641d46ea2f24664c4a9d02b9063 2008.1/x86_64/apache-mod_mem_cache-2.2.8-6.1mdv2008.1.x86_64.rpm\n e04cdfbbad417123adae10cf13a2b626 2008.1/x86_64/apache-mod_proxy-2.2.8-6.1mdv2008.1.x86_64.rpm\n 8f9a04efe7760b08220b27f1cabd8a49 2008.1/x86_64/apache-mod_proxy_ajp-2.2.8-6.1mdv2008.1.x86_64.rpm\n 8ed701d6c742a5e60196653f79989a8a 2008.1/x86_64/apache-mod_ssl-2.2.8-6.1mdv2008.1.x86_64.rpm\n 3beb942d20bf63c2bc8cef202ef0e0aa 2008.1/x86_64/apache-modules-2.2.8-6.1mdv2008.1.x86_64.rpm\n fd40ed97d50b583c7f21a686d8146c7d 2008.1/x86_64/apache-mod_userdir-2.2.8-6.1mdv2008.1.x86_64.rpm\n f7451170b9c2c7f3f55a0d44567bebfe 2008.1/x86_64/apache-mpm-event-2.2.8-6.1mdv2008.1.x86_64.rpm\n 6e1b59583a15313f8dbf347170ec581d 2008.1/x86_64/apache-mpm-itk-2.2.8-6.1mdv2008.1.x86_64.rpm\n b60967808f886fc4444054fe4ba685fd 2008.1/x86_64/apache-mpm-prefork-2.2.8-6.1mdv2008.1.x86_64.rpm\n 0ab90ebae3fcfd1fa809e62e546222db 2008.1/x86_64/apache-mpm-worker-2.2.8-6.1mdv2008.1.x86_64.rpm\n 7726d40130eb5a14d8cf272cd08f7485 2008.1/x86_64/apache-source-2.2.8-6.1mdv2008.1.x86_64.rpm \n ffe7ace0a88205f764b21be6cf4ed2e1 2008.1/SRPMS/apache-2.2.8-6.1mdv2008.1.src.rpm\n\n Corporate 4.0:\n b59bbaecc0f3c6301bee564c2862430a corporate/4.0/i586/apache-base-2.2.3-1.4.20060mlcs4.i586.rpm\n b3141af91788ac68afd1cfb34426cec3 corporate/4.0/i586/apache-devel-2.2.3-1.4.20060mlcs4.i586.rpm\n 309db27fc902b7eb77e0fd2b5e03359f corporate/4.0/i586/apache-htcacheclean-2.2.3-1.4.20060mlcs4.i586.rpm\n 8e7d56d01a51b7239b080765fd858088 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.i586.rpm\n 8e6bd8c3a89f5f277fb56e60b37bb6a9 corporate/4.0/i586/apache-mod_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n fd99c7e58d56eb14a0e94c27edb2daf2 corporate/4.0/i586/apache-mod_dav-2.2.3-1.4.20060mlcs4.i586.rpm\n 75968093eca9011dd115d948c44f29ba corporate/4.0/i586/apache-mod_dbd-2.2.3-1.4.20060mlcs4.i586.rpm\n ba5118b4c1caa7e4b75229b5643b06b9 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.4.20060mlcs4.i586.rpm\n abb27116fae7ff7d319516c0f9a0a5e4 corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n e1bb6ed7fb0fbb39f762a932f34dc67b corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n a3d85c92d66a0ca0ed6dc6a6c6df23b4 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.4.20060mlcs4.i586.rpm\n eca828a6bd374d98af6fd785aa6970af corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.i586.rpm\n 8e28a95bd7f655c5b98c7405ca74de18 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.4.20060mlcs4.i586.rpm\n 23a2687957dae00dadc44b864032a838 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.i586.rpm\n a4a143aa2f9f8b1d3cedf68429a90fa4 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.4.20060mlcs4.i586.rpm\n 779cf371acd7012ac1acfaac0062a38a corporate/4.0/i586/apache-modules-2.2.3-1.4.20060mlcs4.i586.rpm\n e1a8927f0cfd3a08ca2af42ebc64932e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.4.20060mlcs4.i586.rpm\n 3415eea7176bb392b87540c2bfcfed2b corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.i586.rpm\n 9b79811544ad30fd91608d5839b521eb corporate/4.0/i586/apache-mpm-worker-2.2.3-1.4.20060mlcs4.i586.rpm\n 1403616f0ba1cbcc552f7e33a32b303f corporate/4.0/i586/apache-source-2.2.3-1.4.20060mlcs4.i586.rpm \n fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n e46ce6fe84b67d3d6caf6782d9352555 corporate/4.0/x86_64/apache-base-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 5b1993dca50465213ca285d3fc38bc07 corporate/4.0/x86_64/apache-devel-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 7076dbe94461207aa2399b887e6b669f corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.4.20060mlcs4.x86_64.rpm\n e51acf392e315892cfc60ef342b3e9f0 corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 270e619d353fa9348b2d5713e660bb69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 8e8ae8e260b69d7150c6d7f8162eb261 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 11fc6ca48580398733c9c26c6097aeb8 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 6750c2039c64dd866146d240f06b302f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 0c7db97343700984a02d6365069bfbd5 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n d60aa90ac7a459f237a6c0ed190b0ea1 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 873b63a672417971078076a5e3e4f363 corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.4.20060mlcs4.x86_64.rpm\n d964415079d86d6c6ff78381e3dfe8ef corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.4.20060mlcs4.x86_64.rpm\n c014bede921593c1035d8a1488909ab9 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.4.20060mlcs4.x86_64.rpm\n d4469077e683ea2a034bfb35be9ca8f6 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 35638d36e7c4832f70460294ef496d33 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.4.20060mlcs4.x86_64.rpm\n de62531cfcf279b966c08940df7dc298 corporate/4.0/x86_64/apache-modules-2.2.3-1.4.20060mlcs4.x86_64.rpm\n a44db8a0824aa8ec654338640e30e14c corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.4.20060mlcs4.x86_64.rpm\n be326111f9e8dd9fb0a9a7699f7f99dd corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 3b29042dd082e4f0f8e04fbff2f14c23 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.4.20060mlcs4.x86_64.rpm\n 576aed8c357f707db0e488e13b68834c corporate/4.0/x86_64/apache-source-2.2.3-1.4.20060mlcs4.x86_64.rpm \n fdda31ac2d27f5fe856746719b3ae87a corporate/4.0/SRPMS/apache-2.2.3-1.4.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIzBUvmqjQ0CJFipgRApHOAKCvASwDjqj110UnAsle/Jtgw9VwhwCg7zVf\n0jg30niEBGmySzuHETORyts=\n=wMau\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n \n This update also provides HTTP/1.1 compliance fixes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200807-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache: Denial of Service\n Date: July 09, 2008\n Bugs: #222643, #227111\n ID: 200807-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Apache might lead to a Denial of Service. \n\nBackground\n==========\n\nThe Apache HTTP server is one of the most popular web servers on the\nInternet. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.9 \u003e= 2.2.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache:\n\n* Dustin Kirkland reported that the mod_ssl module can leak memory\n when the client reports support for a compression algorithm\n (CVE-2008-1678). \n\n* sp3x of SecurityReason reported a Cross-Site Request Forgery\n vulnerability in the balancer-manager in the mod_proxy_balancer\n module (CVE-2007-6420). \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities by connecting to\nan Apache httpd, by causing an Apache proxy server to connect to a\nmalicious server, or by enticing a balancer administrator to connect to\na specially-crafted URL, resulting in a Denial of Service of the Apache\ndaemon. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.9\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-6420\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420\n [ 2 ] CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n [ 3 ] CVE-2008-2364\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200807-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01539432\nVersion: 1\n\nHPSBUX02365 SSRT080118 rev.1 - HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2008-08-26\nLast Updated: 2008-08-27\n\nPotential Security Impact: Remote Cross Site Scripting (XSS) or Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running Apache. These vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or Denial of Service (DoS). \n\nReferences: CVE-2007-4465, CVE-2008-2168, CVE-2008-2364\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.05 and previous\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerabilities. \n\nThe updates are available for download from: \n\nURL: ftp://srt80118:srt80118@hprc.external.hp.com \n\nHP-UX Release - B.11.11 (IPv4 and IPv6)\nApache Depot name - HPUXWSA-B219-03-1111ipv6.depot\nMD5 Sum - 166ac363bed403ba5eba2ad02863315d\n \nHP-UX Release - B.11.23 PA-32\nApache Depot name - HPUXWSA-B219-03-1123-32.depot\nMD5 Sum - b59c377a377c86067115012c19b316f5\n \nHP-UX Release - B.11.23 IA-64\nApache Depot name - HPUXWSA-B219-03-1123-64.depot\nMD5 Sum - 083b501f0ab2cc30cb536bcbc6eb65ff\n \nHP-UX Release - B.11.31 PA-32\nApache Depot name - HPUXWSA-B219-03-1131-32.depot\nMD5 Sum - f1927dd378a4656412aadd8005da0b1b\n \nHP-UX Release - B.11.31 IA-64\nApache Depot name - HPUXWSA-B219-03-1131-64.depot\nMD5 Sum - af7f377e215cb7c988bc07ca5f30190f\n\nMANUAL ACTIONS: Yes - Update plus other actions \nInstall Apache v2.0.59.07.01 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nFor Apache IPv4 and IPv6 \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \naction: install revision B.2.0.59.07.01 or subsequent and restart Apache \nURL: ftp://srt80118:srt80118@hprc.external.hp.com \n\nHP-UX B.11.23 \n============= \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \naction: install revision B.2.0.59.07.01 or subsequent and restart Apache \nURL: ftp://srt80118:srt80118@hprc.external.hp.com \n\nHP-UX B.11.31 \n============= \nhpuxwsAPCH32.APACHE \nhpuxwsAPCH32.APACHE2 \nhpuxwsAPCH32.AUTH_LDAP \nhpuxwsAPCH32.AUTH_LDAP2 \nhpuxwsAPCH32.MOD_JK \nhpuxwsAPCH32.MOD_JK2 \nhpuxwsAPCH32.MOD_PERL \nhpuxwsAPCH32.MOD_PERL2 \nhpuxwsAPCH32.PHP \nhpuxwsAPCH32.PHP2 \nhpuxwsAPCH32.WEBPROXY \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \naction: install revision B.2.0.59.07.01 or subsequent and restart Apache \nURL: ftp://srt80118:srt80118@hprc.external.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) - 27 August 2008 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux \nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2008 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSLXYA+AfOvwtKn1ZEQKjbgCgrQpfuEwWWBX9qs1Iyq282KP4alwAnR/y\n5nAFOH72tNKo5XvbFV534DO8\n=vaoD\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nThe vulnerability is caused due to an unspecified error, which can be\nexploited to cause a high memory usage when the application is used as\na reverse proxy. \n\nPlease see the vendor\u0027s advisory for a full list of affected\nproducts. \n\nSOLUTION:\nUpdate to a fixed version. See vendor advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html\n\nOTHER REFERENCES:\nhttp://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2364"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "PACKETSTORM",
"id": "69969"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "79239"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2364",
"trust": 3.3
},
{
"db": "BID",
"id": "29653",
"trust": 2.0
},
{
"db": "BID",
"id": "31681",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1798",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2780",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0320",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30621",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31651",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31026",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32838",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34259",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31416",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32685",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34219",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31904",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34418",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33156",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31404",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33797",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32222",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020267",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "35771",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2008-2364",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69969",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "72628",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68082",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89987",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69466",
"trust": 0.1
},
{
"db": "HITACHI",
"id": "HS09-009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79239",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "PACKETSTORM",
"id": "69969"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"id": "VAR-200705-0688",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.17203079500000001
},
"last_update_date": "2026-03-09T22:49:21.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS09-009",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-009/index.html"
},
{
"title": "Red Hat: Moderate: httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080967 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Application Stack v2.2 security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080966 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-731-1"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2008-2364 "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/DButter/whitehat_public "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27008517"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/29653"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30621"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-august/msg00153.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31416"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31404"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31026"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-august/msg00055.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020267"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31651"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31904"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:195"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk67579"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31681"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3216"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32222"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32685"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0967.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0966.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:237"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33156"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33797"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/wiki/advisories:rpsa-2008-0328"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32838"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-731-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34259"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34219"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34418"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/1798"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42987"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9577"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6084"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11713"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/494858/100/0/threaded"
},
{
"trust": 1.4,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2364"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2364"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/proxy/mod_proxy_"
},
{
"trust": 0.6,
"url": "http://svn.apache.org/viewvc/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/docs/2.0/mod/mod_proxy_http.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.9"
},
{
"trust": 0.3,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/changes?r1=666154\u0026r2=666153\u0026pathrev=666154"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0966.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2f960f9e1d5d7811786257655003c8e7a"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247666-1"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201002e.html"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2008-2364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2008:0967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/731-1/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2939"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6420"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6421"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/support.jsp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35771/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-001740.html"
},
{
"trust": 0.1,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs09-009/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "PACKETSTORM",
"id": "69969"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "PACKETSTORM",
"id": "69969"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "89987"
},
{
"db": "PACKETSTORM",
"id": "69466"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"date": "2008-06-10T00:00:00",
"db": "BID",
"id": "29653"
},
{
"date": "2008-09-14T20:14:59",
"db": "PACKETSTORM",
"id": "69969"
},
{
"date": "2008-12-04T22:31:41",
"db": "PACKETSTORM",
"id": "72628"
},
{
"date": "2008-07-10T08:16:33",
"db": "PACKETSTORM",
"id": "68082"
},
{
"date": "2010-05-27T05:11:37",
"db": "PACKETSTORM",
"id": "89987"
},
{
"date": "2008-08-29T05:14:23",
"db": "PACKETSTORM",
"id": "69466"
},
{
"date": "2009-07-15T07:11:45",
"db": "PACKETSTORM",
"id": "79239"
},
{
"date": "2007-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"date": "2009-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"date": "2008-06-13T18:41:00",
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"date": "2015-04-13T21:30:00",
"db": "BID",
"id": "29653"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"date": "2014-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "69969"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
}
],
"trust": 0.6
}
}
VAR-200703-0007
Vulnerability from variot - Updated: 2026-03-09 22:49Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using apache proxy modules like mod_proxy, mod_rewrite or mod_jk.
Workaround
There is no known workaround at this time.
Resolution
All Tomcat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/tomcat-5.5.22"
References
[ 1 ] CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200705-03.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Refer to the References section for the full list of resolved issues by CVE identifier.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products: CA Cohesion Application Configuration Manager 4.5
Non-Affected Products CA Cohesion Application Configuration Manager 4.5 SP1
Affected Platforms: Windows
Status and Recommendation: CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
RO04648 https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search &searchID=RO04648
How to determine if you are affected:
- Using Windows Explorer, locate the file "RELEASE-NOTES".
- By default, the file is located in the "C:\Program Files\CA\Cohesion\Server\server\" directory.
- Open the file with a text editor.
- If the version is less than 5.5.25, the installation is vulnerable.
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ CA20090123-01: Security Notice for Cohesion Tomcat https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975 40 Solution Document Reference APARs: RO04648 CA Security Response Blog posting: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx Reported By: n/a CVE References: CVE-2005-2090 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090 CVE-2005-3510 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510 CVE-2006-3835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835 CVE-2006-7195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195 CVE-2006-7196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196 CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 CVE-2007-1355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355 CVE-2007-1358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358 CVE-2007-1858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858 CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 CVE-2007-3385 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 CVE-2008-0128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128 *Note: the issue was not completely fixed by Tomcat maintainers. OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release v1.1 - Updated Impact, Summary, Affected Products
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777 82
Regards, Ken Williams, Director ; 0xE2941985 CA Product Vulnerability Response Team
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01178795 Version: 1
HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-02 Last Updated: 2007-10-02
Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache
BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01
action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00.
MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- .
Multiple cross-site scripting vulnerabilities in the Manager and Host Manager web applications allow remote authenticated users to inject arbitrary web script or HTML (CVE-2007-2450).
Tomcat treated single quotes as delimiters in cookies, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3382).
Tomcat did not properly handle the " character sequence in a cookie value, which could cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks (CVE-2007-3385).
A cross-site scripting vulnerability in the Host Manager servlet allowed remote attackers to inject arbitrary HTML and web script via crafted attacks (CVE-2007-3386).
The updated packages have been patched to correct these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
Updated Packages:
Mandriva Linux 2007.1: 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm
Mandriva Linux 2008.0: 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm 8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1 QKCxPSeNSXZPdPEE6c2TDyk= =z6UT -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: phpPgAds XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15884
VERIFY ADVISORY: http://secunia.com/advisories/15884/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: phpPgAds 2.x http://secunia.com/product/4577/
DESCRIPTION: A vulnerability has been reported in phpPgAds, which can be exploited by malicious people to compromise a vulnerable system.
For more information: SA15852
SOLUTION: Update to version 2.0.5. http://sourceforge.net/project/showfiles.php?group_id=36679
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Summary:
Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX Server 3.0.2, and ESX 3.0.1. Relevant releases:
VirtualCenter Management Server 2 ESX Server 3.0.2 without patch ESX-1002434 ESX Server 3.0.1 without patch ESX-1003176
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to these issues.
JRE Security Update This release of VirtualCenter Server updates the JRE package from 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in the earlier release of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-3004 to this issue.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices. Solution:
Please review the Patch notes for your product and version and verify the md5sum of your downloaded file.
VMware VirtualCenter 2.0.2 Update 2 Release Notes http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html
VirtualCenter CD image md5sum d7d98a5d7f8afff32cee848f860d3ba7
VirtualCenter as Zip md5sum 3b42ec350121659e10352ca2d76e212b
ESX Server 3.0.2 http://kb.vmware.com/kb/1002434 md5sum: 2f52251f6ace3d50934344ef313539d5
ESX Server 3.0.1 http://kb.vmware.com/kb/1003176 md5sum: 5674ca0dcfac90726014cc316444996e
- Contact:
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce@lists.vmware.com
- bugtraq@securityfocus.com
- full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "5.0.0"
},
{
"_id": null,
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "4.0.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "4.1.34"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "5.0.30"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"_id": null,
"model": "interscan messaging security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 7.x"
},
{
"_id": null,
"model": "trendmicro interscan messaging security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 7.x"
},
{
"_id": null,
"model": "trendmicro interscan web security appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 3.x"
},
{
"_id": null,
"model": "trendmicro interscan web security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 2.x"
},
{
"_id": null,
"model": "trendmicro interscan web security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "- 3.x"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.x/v5.x"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard edition v4.x/v5.x"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "standard-j edition v4.x/v5.x"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 ~ v2.1"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.x/v5.x"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "win32"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.0.28"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.0.19"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "tomcat",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "5.5.0"
},
{
"_id": null,
"model": "virtualcenter management server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"_id": null,
"model": "linux enterprise server sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "8"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.2"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unitedlinux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "1.0"
},
{
"_id": null,
"model": "suse linux standard server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"_id": null,
"model": "suse linux school server for i386",
"scope": null,
"trust": 0.3,
"vendor": "s u s e",
"version": null
},
{
"_id": null,
"model": "suse linux retail solution",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "8.0"
},
{
"_id": null,
"model": "suse linux openexchange server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "4.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux professional x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux personal x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.3"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86-64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1x86"
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86-64"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0x86"
},
{
"_id": null,
"model": "linux ppc",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)4.2"
},
{
"_id": null,
"model": "enterprise linux virtualization server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux optional productivity application server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux hardware certification",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux desktop multi os client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux clustering server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux cluster-storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5.0"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.2"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.1"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4.0"
},
{
"_id": null,
"model": "hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3)4.2"
},
{
"_id": null,
"model": "hat enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "associates cohesion application configuration manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.4"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.3"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.2"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.1"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.0"
},
{
"_id": null,
"model": "associates cohesion application configuration manager sp1",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "4.5"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"_id": null,
"model": "software foundation tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.23"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_messaging_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
}
]
},
"credits": {
"_id": null,
"data": "David Matscheko",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0450",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2007-0450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-0450",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "NVD",
"id": "CVE-2007-0450",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-400",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2007-0450",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"description": {
"_id": null,
"data": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. \nExploiting this issue allows attackers to access arbitrary files in the Tomcat webroot. This can expose sensitive information that could help the attacker launch further attacks. \nVersions in the 5.0 series prior to 5.5.22 and in the 6.0 series prior to 6.0.10 are vulnerable. Note that this vulnerability can only be exploited when using\napache proxy modules like mod_proxy, mod_rewrite or mod_jk. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Tomcat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-5.5.22\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200705-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\n\n\nCA Advisory Reference: CA20090123-01\n\n\nCA Advisory Date: 2009-01-23\n\n\nReported By: n/a\n\n\nImpact: Refer to the CVE identifiers for details. \n\n\nSummary: Multiple security risks exist in Apache Tomcat as \nincluded with CA Cohesion Application Configuration Manager. CA \nhas issued an update to address the vulnerabilities. Refer to the \nReferences section for the full list of resolved issues by CVE \nidentifier. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. \n\n\nAffected Products:\nCA Cohesion Application Configuration Manager 4.5\n\n\nNon-Affected Products\nCA Cohesion Application Configuration Manager 4.5 SP1\n\n\nAffected Platforms:\nWindows\n\n\nStatus and Recommendation:\nCA has issued the following update to address the vulnerabilities. \n\nCA Cohesion Application Configuration Manager 4.5:\n\nRO04648\nhttps://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search\n\u0026searchID=RO04648\n\n\nHow to determine if you are affected:\n\n1. Using Windows Explorer, locate the file \"RELEASE-NOTES\". \n2. By default, the file is located in the \n \"C:\\Program Files\\CA\\Cohesion\\Server\\server\\\" directory. \n3. Open the file with a text editor. \n4. If the version is less than 5.5.25, the installation is \n vulnerable. \n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nCA20090123-01: Security Notice for Cohesion Tomcat\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1975\n40\nSolution Document Reference APARs:\nRO04648\nCA Security Response Blog posting:\nCA20090123-01: Cohesion Tomcat Multiple Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx\nReported By: \nn/a\nCVE References:\nCVE-2005-2090\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090\nCVE-2005-3510\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3510\nCVE-2006-3835\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3835\nCVE-2006-7195\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7195\nCVE-2006-7196\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7196\nCVE-2007-0450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\nCVE-2007-1355\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1355\nCVE-2007-1358\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358\nCVE-2007-1858\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1858\nCVE-2007-2449\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\nCVE-2007-2450\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\nCVE-2007-3382\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\nCVE-2007-3385 *\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\nCVE-2007-3386\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\nCVE-2008-0128\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0128\n*Note: the issue was not completely fixed by Tomcat maintainers. \nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\nv1.1 - Updated Impact, Summary, Affected Products\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to the CA Product Vulnerability Response Team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=1777\n82\n\n\nRegards,\nKen Williams, Director ; 0xE2941985\nCA Product Vulnerability Response Team\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2009 CA. All rights reserved. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01178795\nVersion: 1\n\nHPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-02\nLast Updated: 2007-10-02\n\nPotential Security Impact: Remote arbitrary code execution, cross site scripting (XSS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. \n\nReferences: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. \n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache\n\nBACKGROUND\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended patch or update is installed. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision A.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \n\naction: install revision B.2.0.59.00 or subsequent \nrestart Apache \nURL: https://www.hp.com/go/softwaredepot/ \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \nHP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \nThe update is available on https://www.hp.com/go/softwaredepot/ \nNote: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. \n\nMANUAL ACTIONS: Yes - Update \nInstall HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 02 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ\nHHoe3AY1sc6hrW3Xk+B1hcbr\n=+E1W\n-----END PGP SIGNATURE-----\n. \n \n Multiple cross-site scripting vulnerabilities in the Manager and Host\n Manager web applications allow remote authenticated users to inject\n arbitrary web script or HTML (CVE-2007-2450). \n \n Tomcat treated single quotes as delimiters in cookies, which could\n cause sensitive information such as session IDs to be leaked and allow\n remote attackers to conduct session hijacking attacks (CVE-2007-3382). \n \n Tomcat did not properly handle the \" character sequence in a cookie\n value, which could cause sensitive information such as session IDs\n to be leaked and allow remote attackers to conduct session hijacking\n attacks (CVE-2007-3385). \n \n A cross-site scripting vulnerability in the Host Manager servlet\n allowed remote attackers to inject arbitrary HTML and web script via\n crafted attacks (CVE-2007-3386). \n \n The updated packages have been patched to correct these issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2449\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3382\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.1:\n 2eaba952d2699868ef76ca11dc7743e2 2007.1/i586/tomcat5-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 037b18dda99d06be0b77f35964257902 2007.1/i586/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n d9e6c355370c0e3f9aebc7ba0edd99d5 2007.1/i586/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fcb4fa36ea0926a0fbd92d1f9c9d9671 2007.1/i586/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n fedd1a27a4f46d0d793c3ceb21a57246 2007.1/i586/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n ab5985c840c14c812b3e72dae54407f0 2007.1/i586/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 6266395d78af5f64ce7a150b9175fab7 2007.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 08335caaa65e97003aa67d465ce60ae1 2007.1/i586/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 3a4f5995900419c7354804ae0dc548b6 2007.1/i586/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 0c27ba521cee0d06627f121df3a138c9 2007.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.i586.rpm\n 07537a59d8549f412dc4c9a783f41177 2007.1/i586/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.i586.rpm \n b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n aea539336fa58a995ae1411fe61934c2 2007.1/x86_64/tomcat5-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 0225750a0d4ef032915783d0b29c1504 2007.1/x86_64/tomcat5-admin-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 8223d038509a71f537f537909e9ef863 2007.1/x86_64/tomcat5-common-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n dedd59d873c5bb4e608b1328595f2d98 2007.1/x86_64/tomcat5-jasper-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n c0ef0eda05488b8b571e6700a9365ea3 2007.1/x86_64/tomcat5-jasper-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 95dae961b82630d633fc3419383dbe4b 2007.1/x86_64/tomcat5-jsp-2.0-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 41378a0106da001d545681c185b2f5c3 2007.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 5448b57b7667414c12aabb1da5e528fa 2007.1/x86_64/tomcat5-server-lib-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 9a277ae64587b81f61e8c118ba4d4571 2007.1/x86_64/tomcat5-servlet-2.4-api-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n 1be4b0eea59741ef7efb0f51f97e19c7 2007.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm\n d3965a643dbdc8e685ff4b5861877254 2007.1/x86_64/tomcat5-webapps-5.5.17-6.2.4.1mdv2007.1.x86_64.rpm \n b55342a597ab506be934b6a73ed24005 2007.1/SRPMS/tomcat5-5.5.17-6.2.4.1mdv2007.1.src.rpm\n\n Mandriva Linux 2008.0:\n 828e35db12f9dab3a5e63c475c289f88 2008.0/i586/tomcat5-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 5e98b01f16f8213db5e842dcb47e4e8b 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd483503d3f313775be4c098858a4e0d 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 23dffdf05e1c50d5cfea045552c8f3bb 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3da9fcc0e4c0c8366b676e0770b8fe7c 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 03222fbcf7fad63aa6920d5d4ee55ee2 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 566362e78e6dd5f853b616204453aa0d 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n fd00fd2a4faa567523ba9ce959ad1efa 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 8a8c1b69636876ac31b0968edce82d3f 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 85d0641840725e728f18cc86925d1923 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.i586.rpm\n 3e62b31a3fce47b8d7e2de2ecc7eb29d 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.i586.rpm \n 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n a44ed55a6a2943e5ba39ea6473a2af27 2008.0/x86_64/tomcat5-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 292e2c0a822a736fe85c498c17bb09c6 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n c8ee3862233f323278d0b97a3f07a74d 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 0c944fe5d8725da8fd4e57e89539fa21 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n bcbb50b5978295bd40ec24212ca77a8a 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 472c0a30c7ad74c0cb63da51142de438 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 10c6da9615553dc07e2f59d226f30a1d 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 53eba8a64c428e6e2a14e59095f958b4 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 8c6849bcca11457dffd03aa9c9e9a35f 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n b5b42989963c31f79a997c9c18ed4cb4 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm\n 667a7b6fe2d3bc22ef64d87c2a6b9fe7 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.1mdv2008.0.x86_64.rpm \n 9522ebba28176adf03d9a7b33fb526f8 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.1mdv2008.0.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHXZ68mqjQ0CJFipgRAhO2AKC+AwaCU8LmMtlbmj5Q9HgrOr3PTwCeMZo1\nQKCxPSeNSXZPdPEE6c2TDyk=\n=z6UT\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nphpPgAds XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15884\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15884/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nphpPgAds 2.x\nhttp://secunia.com/product/4577/\n\nDESCRIPTION:\nA vulnerability has been reported in phpPgAds, which can be exploited\nby malicious people to compromise a vulnerable system. \n\nFor more information:\nSA15852\n\nSOLUTION:\nUpdate to version 2.0.5. \nhttp://sourceforge.net/project/showfiles.php?group_id=36679\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Summary:\n\n Updated Tomcat and Java JRE packages for VirtualCenter 2.0.2, ESX\n Server 3.0.2, and ESX 3.0.1. Relevant releases:\n\n VirtualCenter Management Server 2\n ESX Server 3.0.2 without patch ESX-1002434\n ESX Server 3.0.1 without patch ESX-1003176\n\n3. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the names CVE-2005-2090, CVE-2006-7195, and CVE-2007-0450 to\n these issues. \n\n JRE Security Update\n This release of VirtualCenter Server updates the JRE package from\n 1.5.0_7 to 1.5.0_12, which addresses a security issue that existed in\n the earlier release of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the name CVE-2007-3004 to this issue. \n\n Security best practices provided by VMware recommend that the\n service console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. Solution:\n\nPlease review the Patch notes for your product and version and verify\nthe md5sum of your downloaded file. \n\n VMware VirtualCenter 2.0.2 Update 2 Release Notes\n http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html\n\n VirtualCenter CD image\n md5sum d7d98a5d7f8afff32cee848f860d3ba7\n\n VirtualCenter as Zip\n md5sum 3b42ec350121659e10352ca2d76e212b\n\n ESX Server 3.0.2\n http://kb.vmware.com/kb/1002434\n md5sum: 2f52251f6ace3d50934344ef313539d5\n\n ESX Server 3.0.1\n http://kb.vmware.com/kb/1003176\n md5sum: 5674ca0dcfac90726014cc316444996e\n\n5. Contact:\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce@lists.vmware.com\n * bugtraq@securityfocus.com\n * full-disclosure@lists.grok.org.uk\n\nE-mail: security@vmware.com\n\nSecurity web site\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2008 VMware Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0450"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "PACKETSTORM",
"id": "56411"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "61679"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "62402"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=29739",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-0450"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-0450",
"trust": 3.3
},
{
"db": "BID",
"id": "22960",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "24732",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "28365",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30899",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25106",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26235",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30908",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27037",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26660",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33668",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25280",
"trust": 1.7
},
{
"db": "SREASON",
"id": "2446",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-1979",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3386",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2732",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0233",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-0975",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3087",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0065",
"trust": 1.7
},
{
"db": "BID",
"id": "25159",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "XF",
"id": "32988",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "29739",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-0450",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "56411",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74289",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59939",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61679",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62402",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "PACKETSTORM",
"id": "56411"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "61679"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"id": "VAR-200703-0007",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T22:49:17.916000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache Tomcat 6.0.10",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Fixed in Apache Tomcat 4.1.36",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"title": "Fixed in Apache Tomcat 5.5.22, 5.0.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"title": "HPSBUX02262",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01178795"
},
{
"title": "HPSBUX02262",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02262.html"
},
{
"title": "tomcat4 (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1168"
},
{
"title": "NV09-001",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-001.html"
},
{
"title": "RHSA-2007:0327",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0327.html"
},
{
"title": "239312",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
},
{
"title": "imss_70_lx32_en_sp1_patch2_readme",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_lx32_en_sp1_patch2_readme.txt"
},
{
"title": "readme_imss70_lin_sp1_patch1_b3356",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_sp1_patch1_b3356.txt"
},
{
"title": "imss_70_win32_en_sp1_patch2_readme",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/documentation/readme/imss_70_win32_en_sp1_patch2_readme.txt"
},
{
"title": "readme_imss70_sol_sp1_patch1_b81460",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_sp1_patch1_b81460_r2.txt"
},
{
"title": "iwss_31_lx32_en_patch2_readme",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/documentation/readme/iwss_31_lx32_en_patch2_readme.txt"
},
{
"title": "interstage_as_200702",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200702.html"
},
{
"title": "2064149",
"trust": 0.8,
"url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064149"
},
{
"title": "2064436",
"trust": 0.8,
"url": "http://esupport.trendmicro.co.jp/supportjp/viewxml.do?ContentID=JP-2064436"
},
{
"title": "RHSA-2007:0327",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0327J.html"
},
{
"title": "VMware Security Advisories: Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=0fde1d7289a7f706413e4e8620446740"
},
{
"title": "Capstone-Red-vs-Blue-CySec-Report",
"trust": 0.1,
"url": "https://github.com/ActualSalt/Capstone-Red-vs-Blue-CySec-Report "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/22960"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/24732"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/25159"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-206.htm"
},
{
"trust": 2.0,
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=197540"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200705-03.xml"
},
{
"trust": 1.7,
"url": "http://www.sec-consult.com/287.html"
},
{
"trust": 1.7,
"url": "http://www.sec-consult.com/fileadmin/advisories/20070314-0-apache_tomcat_directory_traversal.txt"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_5_sr.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25106"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0327.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25280"
},
{
"trust": 1.7,
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce//2007/jul/msg00004.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0360.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26235"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26660"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27037"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2446"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:241"
},
{
"trust": 1.7,
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000003.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28365"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30908"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30899"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33668"
},
{
"trust": 1.7,
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0233"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/0975"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3087"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3386"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/1979/references"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/0065"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01178795"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32988"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10643"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/485938/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/462791/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0450"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2007/0975"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/32988"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0450"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8d2a579bbd977c225c70cb23b0ec54865fb0dab5da3eff1e060c9935@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0450"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "/archive/1/500412"
},
{
"trust": 0.3,
"url": "/archive/1/481830"
},
{
"trust": 0.3,
"url": "msg://bugtraq/45f7f67f.8050403@sec-consult.com"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0327.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-1069.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2449"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3386"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2450"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3382"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3385"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2090"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1358"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2450"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2090"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7195"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3385"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3386"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3382"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1355"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7195"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2449"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5c616dfc49156e4b06ffab842800c80f4425924d0f20c452c127a53c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://github.com/actualsalt/capstone-red-vs-blue-cysec-report"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/29739/"
},
{
"trust": 0.1,
"url": "https://www.vmware.com/security/advisories/vmsa-2008-0002.html"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7196"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0128"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3510"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0128"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1355"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1777"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3835"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=1975"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1858"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-7196"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/softwaredepot/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0774"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2872"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2756"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1887"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=36679"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3004"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1003176"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1002434"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3004"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/resources/techresources/726"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/vi3/doc/releasenotes_vc202u2.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2007-0450"
},
{
"db": "BID",
"id": "22960"
},
{
"db": "PACKETSTORM",
"id": "56411"
},
{
"db": "PACKETSTORM",
"id": "74289"
},
{
"db": "PACKETSTORM",
"id": "59939"
},
{
"db": "PACKETSTORM",
"id": "61679"
},
{
"db": "PACKETSTORM",
"id": "38390"
},
{
"db": "PACKETSTORM",
"id": "62402"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217"
},
{
"db": "NVD",
"id": "CVE-2007-0450"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2007-0450",
"ident": null
},
{
"db": "BID",
"id": "22960",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "56411",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "74289",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "59939",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "61679",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "62402",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200703-400",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-0450",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2007-03-16T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0450",
"ident": null
},
{
"date": "2007-03-14T00:00:00",
"db": "BID",
"id": "22960",
"ident": null
},
{
"date": "2007-05-03T07:01:34",
"db": "PACKETSTORM",
"id": "56411",
"ident": null
},
{
"date": "2009-01-27T23:27:39",
"db": "PACKETSTORM",
"id": "74289",
"ident": null
},
{
"date": "2007-10-10T05:27:27",
"db": "PACKETSTORM",
"id": "59939",
"ident": null
},
{
"date": "2007-12-11T01:29:29",
"db": "PACKETSTORM",
"id": "61679",
"ident": null
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38390",
"ident": null
},
{
"date": "2008-01-08T16:58:51",
"db": "PACKETSTORM",
"id": "62402",
"ident": null
},
{
"date": "2006-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-400",
"ident": null
},
{
"date": "2007-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"ident": null
},
{
"date": "2007-03-16T22:19:00",
"db": "NVD",
"id": "CVE-2007-0450",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845",
"ident": null
},
{
"date": "2019-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2007-0450",
"ident": null
},
{
"date": "2010-08-05T20:45:00",
"db": "BID",
"id": "22960",
"ident": null
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-400",
"ident": null
},
{
"date": "2010-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000217",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-0450",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-400"
}
],
"trust": 0.6
}
}
VAR-201106-0192
Vulnerability from variot - Updated: 2026-03-09 22:42The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. Attackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. Versions prior to Subversion 1.6.17 are vulnerable. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following:
Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook
ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative
CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners
CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC
CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson
curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192
Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue.
dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple
filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167
ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher
Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook
libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive
libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton
OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268
PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023
Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921
Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204
WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf
Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple
OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3.
For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c
For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c
For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d
For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b
For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Apache Subversion mod_dav_svn Two Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA44681
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44681
RELEASE DATE: 2011-06-02
DISCUSS ADVISORY: http://secunia.com/advisories/44681/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44681/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44681
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in Apache Subversion, which can be exploited by malicious people to cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor 2) The vendor credits Ivan Zhakov, VisualSVN.
ORIGINAL ADVISORY: http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-11
http://security.gentoo.org/
Severity: Low Title: Subversion: Multiple vulnerabilities Date: September 23, 2013 Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166 ID: 201309-11
Synopsis
Multiple vulnerabilities have been found in Subversion, allowing attackers to cause a Denial of Service, escalate privileges, or obtain sensitive information.
Background
Subversion is a versioning system designed to be a replacement for CVS.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.7.13 >= 1.7.13
Description
Multiple vulnerabilities have been discovered in Subversion. Please review the CVE identifiers referenced below for details. A local attacker could escalate his privileges to the user running svnserve.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.7.13"
References
[ 1 ] CVE-2010-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539 [ 2 ] CVE-2010-4644 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644 [ 3 ] CVE-2011-0715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715 [ 4 ] CVE-2011-1752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752 [ 5 ] CVE-2011-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783 [ 6 ] CVE-2011-1921 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921 [ 7 ] CVE-2013-1845 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845 [ 8 ] CVE-2013-1846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846 [ 9 ] CVE-2013-1847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847 [ 10 ] CVE-2013-1849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849 [ 11 ] CVE-2013-1884 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884 [ 12 ] CVE-2013-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968 [ 13 ] CVE-2013-2088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088 [ 14 ] CVE-2013-2112 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112 [ 15 ] CVE-2013-4131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131 [ 16 ] CVE-2013-4277 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2011:0862-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0862.html Issue date: 2011-06-08 CVE Names: CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 =====================================================================
- Summary:
Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP.
An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. (CVE-2011-1783)
A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. (CVE-2011-1752)
An information disclosure flaw was found in the way the mod_dav_svn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files in a repository that would otherwise not be accessible to them. Note: This vulnerability cannot be triggered if the SVNPathAuthz directive is set to "short_circuit". Upstream acknowledges Joe Schaefer of the Apache Software Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of VisualSVN as the original reporter of CVE-2011-1783; and Kamesh Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.
All Subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, you must restart the httpd daemon, if you are using mod_dav_svn, for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources 709112 - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control 709114 - CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users
- Package List:
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm
i386: mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-javahl-1.6.11-7.el5_6.4.i386.rpm subversion-perl-1.6.11-7.el5_6.4.i386.rpm subversion-ruby-1.6.11-7.el5_6.4.i386.rpm
x86_64: mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.x86_64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm
i386: mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-javahl-1.6.11-7.el5_6.4.i386.rpm subversion-perl-1.6.11-7.el5_6.4.i386.rpm subversion-ruby-1.6.11-7.el5_6.4.i386.rpm
ia64: mod_dav_svn-1.6.11-7.el5_6.4.ia64.rpm subversion-1.6.11-7.el5_6.4.ia64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ia64.rpm subversion-devel-1.6.11-7.el5_6.4.ia64.rpm subversion-javahl-1.6.11-7.el5_6.4.ia64.rpm subversion-perl-1.6.11-7.el5_6.4.ia64.rpm subversion-ruby-1.6.11-7.el5_6.4.ia64.rpm
ppc: mod_dav_svn-1.6.11-7.el5_6.4.ppc.rpm subversion-1.6.11-7.el5_6.4.ppc.rpm subversion-1.6.11-7.el5_6.4.ppc64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ppc.rpm subversion-debuginfo-1.6.11-7.el5_6.4.ppc64.rpm subversion-devel-1.6.11-7.el5_6.4.ppc.rpm subversion-devel-1.6.11-7.el5_6.4.ppc64.rpm subversion-javahl-1.6.11-7.el5_6.4.ppc.rpm subversion-perl-1.6.11-7.el5_6.4.ppc.rpm subversion-ruby-1.6.11-7.el5_6.4.ppc.rpm
s390x: mod_dav_svn-1.6.11-7.el5_6.4.s390x.rpm subversion-1.6.11-7.el5_6.4.s390.rpm subversion-1.6.11-7.el5_6.4.s390x.rpm subversion-debuginfo-1.6.11-7.el5_6.4.s390.rpm subversion-debuginfo-1.6.11-7.el5_6.4.s390x.rpm subversion-devel-1.6.11-7.el5_6.4.s390.rpm subversion-devel-1.6.11-7.el5_6.4.s390x.rpm subversion-javahl-1.6.11-7.el5_6.4.s390x.rpm subversion-perl-1.6.11-7.el5_6.4.s390x.rpm subversion-ruby-1.6.11-7.el5_6.4.s390x.rpm
x86_64: mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm subversion-1.6.11-7.el5_6.4.i386.rpm subversion-1.6.11-7.el5_6.4.x86_64.rpm subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm subversion-devel-1.6.11-7.el5_6.4.i386.rpm subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
ppc64: mod_dav_svn-1.6.11-2.el6_1.4.ppc64.rpm subversion-1.6.11-2.el6_1.4.ppc.rpm subversion-1.6.11-2.el6_1.4.ppc64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm
s390x: mod_dav_svn-1.6.11-2.el6_1.4.s390x.rpm subversion-1.6.11-2.el6_1.4.s390.rpm subversion-1.6.11-2.el6_1.4.s390x.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
ppc64: subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm subversion-devel-1.6.11-2.el6_1.4.ppc.rpm subversion-devel-1.6.11-2.el6_1.4.ppc64.rpm subversion-gnome-1.6.11-2.el6_1.4.ppc.rpm subversion-gnome-1.6.11-2.el6_1.4.ppc64.rpm subversion-javahl-1.6.11-2.el6_1.4.ppc.rpm subversion-javahl-1.6.11-2.el6_1.4.ppc64.rpm subversion-kde-1.6.11-2.el6_1.4.ppc.rpm subversion-kde-1.6.11-2.el6_1.4.ppc64.rpm subversion-perl-1.6.11-2.el6_1.4.ppc.rpm subversion-perl-1.6.11-2.el6_1.4.ppc64.rpm subversion-ruby-1.6.11-2.el6_1.4.ppc.rpm subversion-ruby-1.6.11-2.el6_1.4.ppc64.rpm
s390x: subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm subversion-devel-1.6.11-2.el6_1.4.s390.rpm subversion-devel-1.6.11-2.el6_1.4.s390x.rpm subversion-gnome-1.6.11-2.el6_1.4.s390.rpm subversion-gnome-1.6.11-2.el6_1.4.s390x.rpm subversion-javahl-1.6.11-2.el6_1.4.s390.rpm subversion-javahl-1.6.11-2.el6_1.4.s390x.rpm subversion-kde-1.6.11-2.el6_1.4.s390.rpm subversion-kde-1.6.11-2.el6_1.4.s390x.rpm subversion-perl-1.6.11-2.el6_1.4.s390.rpm subversion-perl-1.6.11-2.el6_1.4.s390x.rpm subversion-ruby-1.6.11-2.el6_1.4.s390.rpm subversion-ruby-1.6.11-2.el6_1.4.s390x.rpm
x86_64: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
x86_64: mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm subversion-1.6.11-2.el6_1.4.i686.rpm subversion-1.6.11-2.el6_1.4.x86_64.rpm subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-javahl-1.6.11-2.el6_1.4.i686.rpm subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm
i386: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
noarch: subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm
x86_64: subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm subversion-devel-1.6.11-2.el6_1.4.i686.rpm subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm subversion-gnome-1.6.11-2.el6_1.4.i686.rpm subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm subversion-kde-1.6.11-2.el6_1.4.i686.rpm subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm subversion-perl-1.6.11-2.el6_1.4.i686.rpm subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm subversion-ruby-1.6.11-2.el6_1.4.i686.rpm subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-1752.html https://www.redhat.com/security/data/cve/CVE-2011-1783.html https://www.redhat.com/security/data/cve/CVE-2011-1921.html https://access.redhat.com/security/updates/classification/#moderate http://subversion.apache.org/security/CVE-2011-1783-advisory.txt http://subversion.apache.org/security/CVE-2011-1752-advisory.txt http://subversion.apache.org/security/CVE-2011-1921-advisory.txt
- Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFN75utXlSAg2UNWIIRAuXgAJ9fhhY1xxC7jRZbLGZA6ENr3dnTBQCgkdf0 J9nA8MJRlM/XVtyj3mbVErg= =jujC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-1752
The mod_dav_svn Apache HTTPD server module can be crashed though
when asked to deliver baselined WebDAV resources.
CVE-2011-1921
The mod_dav_svn Apache HTTPD server module may leak to remote users
the file contents of files configured to be unreadable by those
users.
For the oldstable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-7.
For the stable distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-6.
For the unstable distribution (sid), this problem has been fixed in version 1.6.17dfsg-1. ========================================================================== Ubuntu Security Notice USN-1144-1 June 06, 2011
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files.
Software Description: - subversion: Advanced version control system
Details:
Joe Schaefer discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain baselined WebDAV resource requests. (CVE-2011-1752)
Ivan Zhakov discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests. (CVE-2011-1921)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libapache2-svn 1.6.12dfsg-4ubuntu2.1
Ubuntu 10.10: libapache2-svn 1.6.12dfsg-1ubuntu1.3
Ubuntu 10.04 LTS: libapache2-svn 1.6.6dfsg-2ubuntu1.3
After a standard system update you need to restart any applications that use Subversion, such as Apache when using mod_dav_svn, to make all the necessary changes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201106-0192",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "lt",
"trust": 1.8,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "15"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "11.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.7.3"
},
{
"model": "subversion",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.6.z (server)"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux long life",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "(v. 5.6 server)"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6.1.z"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "6"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "http server",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.2"
},
{
"model": "software foundation subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.6"
},
{
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.9"
},
{
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "software foundation subversion m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "hat enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.9"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.0"
},
{
"model": "hat enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.37"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.12"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.6"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20110"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.23"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.36"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.32.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.21"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.11.1"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.5"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.6"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.10.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.4"
},
{
"model": "software foundation subversion m4/m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.29"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.34"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13.1"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.4"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.1"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.4.5"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.15"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.18"
},
{
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.4"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.26"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software foundation subversion m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.13"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.6"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.1.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.7"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.19"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.1"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.33"
},
{
"model": "software foundation subversion m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.16.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.30"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0.7"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.25"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28.2"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.5.8"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.2.3"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.28"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.14.5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.35"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.27"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.20.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.17"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.31"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.22.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.3"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0.24.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "software foundation subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "48091"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:subversion",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_long_life",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:redhat:rhel_server_eus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u0026lt;br\u0026gt;Joe Schaefer of Apache Software Foundation, Ivan Zhakov of VisualSVN, and Kamesh Jayachandran of CollabNet.",
"sources": [
{
"db": "BID",
"id": "48091"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1783",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-1783",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-49728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-1783",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-1783",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201106-022",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49728",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. Apache Subversion is prone to multiple vulnerabilities, including two denial-of-service issues and an information-disclosure issue. \nAttackers can exploit these issues to crash the application, exhaust all memory resources, or obtain potentially sensitive information. \nVersions prior to Subversion 1.6.17 are vulnerable. The server is fast, reliable and extensible through a simple API. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\n\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\naddresses the following:\n\nAddress Book\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: An attacker in a privileged network position may intercept\nCardDAV data\nDescription: Address Book supports Secure Sockets Layer (SSL) for\naccessing CardDAV. A downgrade issue caused Address Book to attempt\nan unencrypted connection if an encrypted connection failed. An\nattacker in a privileged network position could abuse this behavior\nto intercept CardDAV data. This issue is addressed by not downgrading\nto an unencrypted connection without user approval. \nCVE-ID\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.21 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-3348\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nApache disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by providing a configuration\nparameter to control the countermeasure and enabling it by default. \nCVE-ID\nCVE-2011-3389\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nthe request to an incorrect origin server. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCFNetwork\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of malformed\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\nunexpected request headers. This issue does not affect systems prior\nto OS X Lion. \nCVE-ID\nCVE-2011-3447 : Erling Ellingsen of Facebook\n\nColorSync\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted image with an embedded\nColorSync profile may lead to an unexpected application termination\nor arbitrary code execution\nDescription: An integer overflow existed in the handling of images\nwith an embedded ColorSync profile, which may lead to a heap buffer\noverflow. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-0200 : binaryproof working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreAudio\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Playing maliciously crafted audio content may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of AAC\nencoded audio streams. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in CoreMedia\u0027s handling\nof H.264 encoded movie files. \nCVE-ID\nCVE-2011-3448 : Scott Stender of iSEC Partners\n\nCoreText\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to an unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue existed in the handling of font\nfiles. \nCVE-ID\nCVE-2011-3449 : Will Dormann of the CERT/CC\n\nCoreUI\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a malicious website may lead to an unexpected\napplication termination or arbitrary code execution\nDescription: An unbounded stack allocation issue existed in the\nhandling of long URLs. This issue does not affect systems prior to OS\nX Lion. \nCVE-ID\nCVE-2011-3450 : Ben Syverson\n\ncurl\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: A remote server may be able to impersonate clients via\nGSSAPI requests\nDescription: When doing GSSAPI authentication, libcurl\nunconditionally performs credential delegation. This issue is\naddressed by disabling GSSAPI credential delegation. \nCVE-ID\nCVE-2011-2192\n\nData Security\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: Two certificate authorities in the list of trusted root\ncertificates have independently issued intermediate certificates to\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\nweak keys that it is unable to revoke. An attacker with a privileged\nnetwork position could intercept user credentials or other sensitive\ninformation intended for a site with a certificate issued by DigiCert\nMalaysia. This issue is addressed by configuring default system trust\nsettings so that DigiCert Malaysia\u0027s certificates are not trusted. We\nwould like to acknowledge Bruce Morton of Entrust, Inc. for reporting\nthis issue. \n\ndovecot\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nDovecot disabled the \u0027empty fragment\u0027 countermeasure which prevented\nthese attacks. This issue is addressed by enabling the\ncountermeasure. \nCVE-ID\nCVE-2011-3389 : Apple\n\nfilecmds\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Decompressing a maliciously crafted compressed file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the \u0027uncompress\u0027 command\nline tool. \nCVE-ID\nCVE-2011-2895\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in ImageIO\u0027s handling of\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted TIFF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in libtiff\u0027s handling of\nThunderScan encoded TIFF images. This issue is address by updating\nlibtiff to version 3.9.5. \nCVE-ID\nCVE-2011-1167\n\nImageIO\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nInternet Sharing\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A Wi-Fi network created by Internet Sharing may lose\nsecurity settings after a system update\nDescription: After updating to a version of OS X Lion prior to\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\nto factory defaults, which disables the WEP password. This issue only\naffects systems with Internet Sharing enabled and sharing the\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\nconfiguration during a system update. \nCVE-ID\nCVE-2011-3452 : an anonymous researcher\n\nLibinfo\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in Libinfo\u0027s handling of hostname\nlookup requests. Libinfo could return incorrect results for a\nmaliciously crafted hostname. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3441 : Erling Ellingsen of Facebook\n\nlibresolv\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s libresolv library may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: An integer overflow existed in the parsing of DNS\nresource records, which may lead to heap memory corruption. \nCVE-ID\nCVE-2011-3453 : Ilja van Sprundel of IOActive\n\nlibsecurity\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Some EV certificates may be trusted even if the\ncorresponding root has been marked as untrusted\nDescription: The certificate code trusted a root certificate to sign\nEV certificates if it was on the list of known EV issuers, even if\nthe user had marked it as \u0027Never Trust\u0027 in Keychain. The root would\nnot be trusted to sign non-EV certificates. \nCVE-ID\nCVE-2011-3422 : Alastair Houghton\n\nOpenGL\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Applications that use OS X\u0027s OpenGL implementation may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: Multiple memory corruption issues existed in the\nhandling of GLSL compilation. \nCVE-ID\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\nMarc Schoenefeld of the Red Hat Security Response Team\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in PHP 5.3.6\nDescription: PHP is updated to version 5.3.8 to address several\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2011-1148\nCVE-2011-1657\nCVE-2011-1938\nCVE-2011-2202\nCVE-2011-2483\nCVE-2011-3182\nCVE-2011-3189\nCVE-2011-3267\nCVE-2011-3268\n\nPHP\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Multiple vulnerabilities in libpng 1.5.4\nDescription: libpng is updated to version 1.5.5 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-3328\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\nan unexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of MP4 encoded files. \nCVE-ID\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\nTippingPoint\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in the handling of font\ntables embedded in QuickTime movie files. \nCVE-ID\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An off by one buffer overflow existed in the handling\nof rdrf atoms in QuickTime movie files. \nCVE-ID\nCVE-2011-3459 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\nto an unexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nfiles. \nCVE-ID\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Processing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of PNG files. \nCVE-ID\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of FLC\nencoded movie files\nCVE-ID\nCVE-2011-3249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSquirrelMail\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in SquirrelMail\nDescription: SquirrelMail is updated to version 1.4.22 to address\nseveral vulnerabilities, the most serious of which is a cross-site\nscripting issue. This issue does not affect OS X Lion systems. \nFurther information is available via the SquirrelMail web site at\nhttp://www.SquirrelMail.org/\nCVE-ID\nCVE-2010-1637\nCVE-2010-2813\nCVE-2010-4554\nCVE-2010-4555\nCVE-2011-2023\n\nSubversion\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Accessing a Subversion repository may lead to the disclosure\nof sensitive information\nDescription: Subversion is updated to version 1.6.17 to address\nmultiple vulnerabilities, the most serious of which may lead to the\ndisclosure of sensitive information. Further information is available\nvia the Subversion web site at http://subversion.tigris.org/\nCVE-ID\nCVE-2011-1752\nCVE-2011-1783\nCVE-2011-1921\n\nTime Machine\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: A remote attacker may access new backups created by the\nuser\u0027s system\nDescription: The user may designate a remote AFP volume or Time\nCapsule to be used for Time Machine backups. Time Machine did not\nverify that the same device was being used for subsequent backup\noperations. An attacker who is able to spoof the remote volume could\ngain access to new backups created by the user\u0027s system. This issue\nis addressed by verifying the unique identifier associated with a\ndisk for backup operations. \nCVE-ID\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\nDresden\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\nDescription: Tomcat is updated to version 6.0.33 to address multiple\nvulnerabilities, the most serious of which may lead to the disclosure\nof sensitive information. Tomcat is only provided on Mac OS X Server\nsystems. This issue does not affect OS X Lion systems. Further\ninformation is available via the Tomcat site at\nhttp://tomcat.apache.org/\nCVE-ID\nCVE-2011-2204\n\nWebDAV Sharing\nAvailable for: OS X Lion Server v10.7 to v10.7.2\nImpact: Local users may obtain system privileges\nDescription: An issue existed in WebDAV Sharing\u0027s handling of user\nauthentication. A user with a valid account on the server or one of\nits bound directories could cause the execution of arbitrary code\nwith system privileges. This issue does not affect systems prior to\nOS X Lion. \nCVE-ID\nCVE-2011-3463 : Gordon Davisson of Crywolf\n\nWebmail\nAvailable for: OS X Lion v10.7 to v10.7.2,\nOS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted e-mail message may lead to the\ndisclosure of message content\nDescription: A cross-site scripting vulnerability existed in the\nhandling of mail messages. This issue is addressed by updating\nRoundcube Webmail to version 0.6. This issue does not affect systems\nprior to OS X Lion. Further information is available via the\nRoundcube site at http://trac.roundcube.net/\nCVE-ID\nCVE-2011-2937\n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in FreeType\u0027s\nhandling of Type 1 fonts. This issue is addressed by updating\nFreeType to version 2.4.7. Further information is available via the\nFreeType site at http://www.freetype.org/\nCVE-ID\nCVE-2011-3256 : Apple\n\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2021-001 or OS X v10.7.3. \n\nFor OS X Lion v10.7.2\nThe download file is named: MacOSXUpd10.7.3.dmg\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\n\nFor OS X Lion v10.7 and v10.7.1\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\n\nFor OS X Lion Server v10.7.2\nThe download file is named: MacOSXServerUpd10.7.3.dmg\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\n\nFor OS X Lion Server v10.7 and v10.7.1\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-001Snow.dmg\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-001.dmg\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\n\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\n=c1eU\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Subversion mod_dav_svn Two Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44681\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44681/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681\n\nRELEASE DATE:\n2011-06-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44681/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44681/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Apache Subversion, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Reported by the vendor\n2) The vendor credits Ivan Zhakov, VisualSVN. \n\nORIGINAL ADVISORY:\nhttp://subversion.apache.org/security/CVE-2011-1752-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1783-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1921-advisory.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201309-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: Subversion: Multiple vulnerabilities\n Date: September 23, 2013\n Bugs: #350166, #356741, #369065, #463728, #463860, #472202, #482166\n ID: 201309-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion, allowing\nattackers to cause a Denial of Service, escalate privileges, or obtain\nsensitive information. \n\nBackground\n==========\n\nSubversion is a versioning system designed to be a replacement for CVS. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.7.13 \u003e= 1.7.13\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion. Please\nreview the CVE identifiers referenced below for details. A local attacker could escalate his privileges\nto the user running svnserve. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.7.13\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-4539\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4539\n[ 2 ] CVE-2010-4644\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4644\n[ 3 ] CVE-2011-0715\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0715\n[ 4 ] CVE-2011-1752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1752\n[ 5 ] CVE-2011-1783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1783\n[ 6 ] CVE-2011-1921\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1921\n[ 7 ] CVE-2013-1845\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1845\n[ 8 ] CVE-2013-1846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1846\n[ 9 ] CVE-2013-1847\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1847\n[ 10 ] CVE-2013-1849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1849\n[ 11 ] CVE-2013-1884\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1884\n[ 12 ] CVE-2013-1968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1968\n[ 13 ] CVE-2013-2088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2088\n[ 14 ] CVE-2013-2112\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2112\n[ 15 ] CVE-2013-4131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4131\n[ 16 ] CVE-2013-4277\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4277\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201309-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2011:0862-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-0862.html\nIssue date: 2011-06-08\nCVE Names: CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access to\nSubversion repositories via HTTP. \n\nAn infinite loop flaw was found in the way the mod_dav_svn module processed\ncertain data sets. If the SVNPathAuthz directive was set to\n\"short_circuit\", and path-based access control for files and directories\nwas enabled, a malicious, remote user could use this flaw to cause the\nhttpd process serving the request to consume an excessive amount of system\nmemory. (CVE-2011-1783)\n\nA NULL pointer dereference flaw was found in the way the mod_dav_svn module\nprocessed requests submitted against the URL of a baselined resource. A\nmalicious, remote user could use this flaw to cause the httpd process\nserving the request to crash. (CVE-2011-1752)\n\nAn information disclosure flaw was found in the way the mod_dav_svn\nmodule processed certain URLs when path-based access control for files and\ndirectories was enabled. A malicious, remote user could possibly use this\nflaw to access certain files in a repository that would otherwise not be\naccessible to them. Note: This vulnerability cannot be triggered if the\nSVNPathAuthz directive is set to \"short_circuit\". Upstream acknowledges Joe Schaefer of the Apache Software\nFoundation as the original reporter of CVE-2011-1752; Ivan Zhakov of\nVisualSVN as the original reporter of CVE-2011-1783; and Kamesh\nJayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921. \n\nAll Subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, you must restart the httpd daemon, if you are using\nmod_dav_svn, for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources\n709112 - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control\n709114 - CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users\n\n6. Package List:\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-perl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.i386.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-perl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-perl-1.6.11-7.el5_6.4.i386.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.i386.rpm\n\nia64:\nmod_dav_svn-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-perl-1.6.11-7.el5_6.4.ia64.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.ia64.rpm\n\nppc:\nmod_dav_svn-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-1.6.11-7.el5_6.4.ppc64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.ppc64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-devel-1.6.11-7.el5_6.4.ppc64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-perl-1.6.11-7.el5_6.4.ppc.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.ppc.rpm\n\ns390x:\nmod_dav_svn-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-1.6.11-7.el5_6.4.s390.rpm\nsubversion-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.s390.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-devel-1.6.11-7.el5_6.4.s390.rpm\nsubversion-devel-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-perl-1.6.11-7.el5_6.4.s390x.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-1.6.11-7.el5_6.4.i386.rpm\nsubversion-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm\nsubversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-devel-1.6.11-7.el5_6.4.i386.rpm\nsubversion-devel-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-perl-1.6.11-7.el5_6.4.x86_64.rpm\nsubversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\n\nppc64:\nmod_dav_svn-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-1.6.11-2.el6_1.4.s390.rpm\nsubversion-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nppc64:\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-devel-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-kde-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-perl-1.6.11-2.el6_1.4.ppc64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.ppc.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.ppc64.rpm\n\ns390x:\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-devel-1.6.11-2.el6_1.4.s390.rpm\nsubversion-devel-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.s390.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.s390.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-kde-1.6.11-2.el6_1.4.s390.rpm\nsubversion-kde-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-perl-1.6.11-2.el6_1.4.s390.rpm\nsubversion-perl-1.6.11-2.el6_1.4.s390x.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.s390.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.s390x.rpm\n\nx86_64:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nmod_dav_svn-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\n\nx86_64:\nmod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-1.6.11-2.el6_1.4.i686.rpm\nsubversion-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm\n\ni386:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\n\nnoarch:\nsubversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm\n\nx86_64:\nsubversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm\nsubversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-devel-1.6.11-2.el6_1.4.i686.rpm\nsubversion-devel-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.i686.rpm\nsubversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-kde-1.6.11-2.el6_1.4.i686.rpm\nsubversion-kde-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-perl-1.6.11-2.el6_1.4.i686.rpm\nsubversion-perl-1.6.11-2.el6_1.4.x86_64.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.i686.rpm\nsubversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1752.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1783.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-1921.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://subversion.apache.org/security/CVE-2011-1783-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1752-advisory.txt\nhttp://subversion.apache.org/security/CVE-2011-1921-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u0026lt;secalert@redhat.com\u0026gt;. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFN75utXlSAg2UNWIIRAuXgAJ9fhhY1xxC7jRZbLGZA6ENr3dnTBQCgkdf0\nJ9nA8MJRlM/XVtyj3mbVErg=\n=jujC\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2011-1752\n\n The mod_dav_svn Apache HTTPD server module can be crashed though\n when asked to deliver baselined WebDAV resources. \n\nCVE-2011-1921\n\n The mod_dav_svn Apache HTTPD server module may leak to remote users\n the file contents of files configured to be unreadable by those\n users. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-7. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-6. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.17dfsg-1. ==========================================================================\nUbuntu Security Notice USN-1144-1\nJune 06, 2011\n\nsubversion vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nAn attacker could send crafted input to the Subversion mod_dav_svn module\nfor Apache and cause it to crash or gain access to restricted files. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nJoe Schaefer discovered that the Subversion mod_dav_svn module for Apache\ndid not properly handle certain baselined WebDAV resource requests. (CVE-2011-1752)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module for Apache\ndid not properly handle certain requests. (CVE-2011-1921)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n libapache2-svn 1.6.12dfsg-4ubuntu2.1\n\nUbuntu 10.10:\n libapache2-svn 1.6.12dfsg-1ubuntu1.3\n\nUbuntu 10.04 LTS:\n libapache2-svn 1.6.6dfsg-2ubuntu1.3\n\nAfter a standard system update you need to restart any applications that\nuse Subversion, such as Apache when using mod_dav_svn, to make all the\nnecessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1783"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-1783",
"trust": 3.4
},
{
"db": "BID",
"id": "48091",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "44681",
"trust": 2.7
},
{
"db": "SECTRACK",
"id": "1025618",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "44633",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44849",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44888",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "45162",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-49728",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109373",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101937",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123358",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102118",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101948",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102034",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"id": "VAR-201106-0192",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:42:39.401000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "subversion-1.6.11-7.AXS3.4",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1454"
},
{
"title": "RHSA-2011:0862",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2011-0862.html"
},
{
"title": "CVE-2011-1783-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/CVE-2011-1783-advisory.txt"
},
{
"title": "Subversion 1.6.17 Released",
"trust": 0.8,
"url": "http://svn.haxx.se/dev/archive-2011-06/0030.shtml"
},
{
"title": "Apache Subversion mod_dav_svn Repair measures for infinite loop loopholes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129503"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://secunia.com/advisories/44681"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/48091"
},
{
"trust": 2.2,
"url": "http://subversion.apache.org/security/cve-2011-1783-advisory.txt"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1025618"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44633"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44849"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44888"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/45162"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2012/feb/msg00000.html"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2011/dsa-2251"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-july/062211.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-june/061913.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:106"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0862.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1144-1"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5130"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/repos/asf/subversion/tags/1.6.17/changes"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709112"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18889"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1783"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1783"
},
{
"trust": 0.8,
"url": "http://www.securitytracker.com/id/1025618"
},
{
"trust": 0.5,
"url": "http://subversion.apache.org/security/cve-2011-1752-advisory.txt"
},
{
"trust": 0.5,
"url": "http://subversion.apache.org/security/cve-2011-1921-advisory.txt"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1783"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1752"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1921"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100141174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3182"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3249"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0200"
},
{
"trust": 0.1,
"url": "http://trac.roundcube.net/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4554"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2202"
},
{
"trust": 0.1,
"url": "http://www.freetype.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2895"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0241"
},
{
"trust": 0.1,
"url": "http://www.squirrelmail.org/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1938"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.1,
"url": "http://www.libpng.org/pub/png/libpng.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1657"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3246"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3248"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1637"
},
{
"trust": 0.1,
"url": "http://subversion.tigris.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3189"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44681"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44681/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44681/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4539"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1846"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4277"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2088"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4539"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1849"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0715"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1752"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4644"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1847"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1845"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1884"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1921"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4644"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201309-11.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4277"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1783"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1752.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1783.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-0862.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1921.html"
},
{
"trust": 0.1,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-4ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.6dfsg-2ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.12dfsg-1ubuntu1.3"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-49728"
},
{
"db": "BID",
"id": "48091"
},
{
"db": "PACKETSTORM",
"id": "109373"
},
{
"db": "PACKETSTORM",
"id": "101937"
},
{
"db": "PACKETSTORM",
"id": "123358"
},
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "101948"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-49728"
},
{
"date": "2011-06-02T00:00:00",
"db": "BID",
"id": "48091"
},
{
"date": "2012-02-03T00:24:52",
"db": "PACKETSTORM",
"id": "109373"
},
{
"date": "2011-06-02T05:38:07",
"db": "PACKETSTORM",
"id": "101937"
},
{
"date": "2013-09-23T22:22:00",
"db": "PACKETSTORM",
"id": "123358"
},
{
"date": "2011-06-09T15:11:39",
"db": "PACKETSTORM",
"id": "102118"
},
{
"date": "2010-06-02T12:12:00",
"db": "PACKETSTORM",
"id": "101948"
},
{
"date": "2011-06-07T01:37:58",
"db": "PACKETSTORM",
"id": "102034"
},
{
"date": "2011-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"date": "2011-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"date": "2011-06-06T19:55:01.940000",
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49728"
},
{
"date": "2015-05-07T17:04:00",
"db": "BID",
"id": "48091"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-022"
},
{
"date": "2011-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001722"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-1783"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "102118"
},
{
"db": "PACKETSTORM",
"id": "102034"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Subversion Used in Apache HTTP Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001722"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-022"
}
],
"trust": 0.6
}
}
VAR-202112-1608
Vulnerability from variot - Updated: 2026-03-09 22:40A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
Security Update 2022-004 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213255.
apache Available for: macOS Catalina Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppKit Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleGraphicsControl Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
AppleScript Available for: macOS Catalina Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
CoreTypes Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers Available for: macOS Catalina Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher
Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
libresolv Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Catalina Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Catalina Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t)
Printing Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Security Available for: macOS Catalina Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Catalina Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SoftwareUpdate Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
TCC Available for: macOS Catalina Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
WebKit Available for: macOS Catalina Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
zip Available for: macOS Catalina Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Catalina Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Catalina Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
Security Update 2022-004 Catalina may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p rhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0 58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB rjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH 4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ NcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0 NVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm ezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE 9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG PLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF x1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i vrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g= =JBHs -----END PGP SIGNATURE-----
. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. 7.6) - noarch, x86_64
- Description:
OpenShift GitOps v1.3.4 on OCP 4.7-4.9 Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):
2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files
- ========================================================================== Ubuntu Security Notice USN-5212-2 January 10, 2022
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44790)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm4 apache2-bin 2.4.18-2ubuntu3.17+esm4
Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm3 apache2-bin 2.4.7-1ubuntu4.22+esm3
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "tenable.sc",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "5.20.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.3"
},
{
"_id": null,
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0"
},
{
"_id": null,
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.52"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"_id": null,
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"_id": null,
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.16.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "cloud backup",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle communications session report manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle communications operations monitor",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "oracle communications session element manager",
"scope": null,
"trust": 0.8,
"vendor": "\u30aa\u30e9\u30af\u30eb",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "tenable.sc",
"scope": null,
"trust": 0.8,
"vendor": "tenable",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.51"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166583"
},
{
"db": "PACKETSTORM",
"id": "166581"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
}
],
"trust": 0.6
},
"cve": "CVE-2021-44790",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-44790",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-102386",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-408105",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-44790",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-44790",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-44790",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-44790",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-102386",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-1579",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-408105",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-44790",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "VULMON",
"id": "CVE-2021-44790"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"description": {
"_id": null,
"data": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina\n\nSecurity Update 2022-004 Catalina addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213255. \n\napache\nAvailable for: macOS Catalina\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleGraphicsControl\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nAppleScript\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nCoreTypes\nAvailable for: macOS Catalina\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Catalina\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nlibresolv\nAvailable for: macOS Catalina\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team\n\nLibreSSL\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26727: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Catalina\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Catalina\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Catalina\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nWebKit\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Catalina\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nPackageKit\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nSecurity Update 2022-004 Catalina may be obtained from the Mac App\nStore or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TYACgkQeC9qKD1p\nrhjgGRAAggg84uE4zYtBHmo5Qz45wlY/+FT7bSyCyo2Ta0m3JQmm26UiS9ZzXlD0\n58jCo/ti+gH/gqwU05SnaG88pSMT6VKaDDnmw8WcrPtbl6NN6JX8vaZLFLoGO0dB\nrjwap7ulcLe7/HM8kCz3qqjKj4fusxckCjmm5yBMtuMklq7i51vzkT/+ws00ALcH\n4S821CqIJlS2RIho/M/pih5A/H1Onw/nzKc7VOWjWMmmwoV+oiL4gMPE9kyIAJFQ\nNcZO7s70Qp9N5Z0VGIkD5HkAntEqYGNKJuCQUrHS0fHFUxVrQcuBbbSiv7vwnOT0\nNVcFKBQWJtfcqmtcDF8mVi2ocqUh7So6AXhZGZtL3CrVfNMgTcjq6y5XwzXMgwlm\nezMX73MnV91QuGp6KVZEmoFNlJ2dhKcJ0fYAhhW9DJqvJ1u5xIkQrUkK/ERLnWpE\n9DIapT8uUbb9Zgez/tS9szv5jHhKtOoPbprju7d7LHw7XMFCVKbUvx745dFZx0AG\nPLsJZQNsQZJIK8QdcLA50KrlyjR2ts4nUsKj07I6LR4wUmcaj+goXYq4Nh4WLnoF\nx1AXD5ztdYlhqMcTAnuAbUYfuki0uzSy0p7wBiTknFwKMZNIaiToo64BES+7Iu1i\nvrB9SdtTSQCMXgPZX1Al1e2F/K2ubovrGU9geAEwLMq3AKudI4g=\n=JBHs\n-----END PGP SIGNATURE-----\n\n\n. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 7.6) - noarch, x86_64\n\n3. Description:\n\nOpenShift GitOps v1.3.4 on OCP 4.7-4.9\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/):\n\n2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files\n\n5. ==========================================================================\nUbuntu Security Notice USN-5212-2\nJanuary 10, 2022\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that the Apache HTTP Server incorrectly handled certain\n forward proxy requests. A remote attacker could use this issue to cause\n the server to crash, resulting in a denial of service, or possibly perform\n a Server Side Request Forgery attack. (CVE-2021-44790)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm4\n apache2-bin 2.4.18-2ubuntu3.17+esm4\n\nUbuntu 14.04 ESM:\n apache2 2.4.7-1ubuntu4.22+esm3\n apache2-bin 2.4.7-1ubuntu4.22+esm3\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44790"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "VULMON",
"id": "CVE-2021-44790"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166583"
},
{
"db": "PACKETSTORM",
"id": "166581"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
}
],
"trust": 3.06
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-408105",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408105"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-44790",
"trust": 4.8
},
{
"db": "TENABLE",
"id": "TNS-2022-01",
"trust": 1.8
},
{
"db": "TENABLE",
"id": "TNS-2022-03",
"trust": 1.8
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/12/20/4",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "171631",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166154",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165501",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165710",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97805418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-102386",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165747",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "165467",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-02",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166583",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0135",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0716",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0836",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0039",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0686",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2352",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0064",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0354",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0171",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0396",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051316",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042265",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030119",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021122021",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012517",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012334",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010609",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021427",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012003",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060811",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012639",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "51193",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165745",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-408105",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-44790",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166581",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166576",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "VULMON",
"id": "CVE-2021-44790"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166583"
},
{
"db": "PACKETSTORM",
"id": "166581"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"id": "VAR-202112-1608",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
}
]
},
"last_update_date": "2026-03-09T22:40:59.062000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2023-217",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server buffer overflow vulnerability (CNVD-2021-102386)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/310311"
},
{
"title": "Apache HTTP Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=175754"
},
{
"title": "Red Hat: Important: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220288 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220303 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221137 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220682 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221136 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221138 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221139 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5035-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=eed1e8ea40feda10ee18daa68a3c5b5a"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1560",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1560"
},
{
"title": "Red Hat: CVE-2021-44790",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-44790"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1737",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1737"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-018"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202201.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-03"
},
{
"title": "Tenable Security Advisories: [R1] Tenable.sc 5.20.0 Fixes Multiple Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-01"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220580 - Security Advisory"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
},
{
"title": "-CVE-2021-44790",
"trust": 0.1,
"url": "https://github.com/nuPacaChi/-CVE-2021-44790 "
},
{
"title": "SnykDesk",
"trust": 0.1,
"url": "https://github.com/cretlaw/SnykDesk "
},
{
"title": "emo_emo",
"trust": 0.1,
"url": "https://github.com/emotest1/emo_emo "
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULMON",
"id": "CVE-2021-44790"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/171631/apache-2.4.x-buffer-overflow.html"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97805418/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bfswoh4x77cv7ah7c4rmhubdwkqdl4yh/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0686"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166583/red-hat-security-advisory-2022-1137-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010609"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042265"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0064"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021427"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165710/red-hat-security-advisory-2022-0258-02.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165501/ubuntu-security-notice-usn-5212-2.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012517"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012639"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0716"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0836"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0039"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012334"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0135"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0354"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165747/red-hat-security-advisory-2022-0303-02.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0396"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/51193"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0171"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060811"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-buffer-overflow-via-mod-lua-multipart-content-37112"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166154/red-hat-security-advisory-2022-0682-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165467/ubuntu-security-notice-usn-5212-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021122021"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012003"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22720"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0288"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/nupacachi/-cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213255."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26714"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26727"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26748"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26720"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26746"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1137"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1139"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24348"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0258"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5212-1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5212-2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102386"
},
{
"db": "VULHUB",
"id": "VHN-408105"
},
{
"db": "VULMON",
"id": "CVE-2021-44790"
},
{
"db": "PACKETSTORM",
"id": "167189"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "166583"
},
{
"db": "PACKETSTORM",
"id": "166581"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166154"
},
{
"db": "PACKETSTORM",
"id": "165710"
},
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
},
{
"db": "NVD",
"id": "CVE-2021-44790"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102386",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-408105",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-44790",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167189",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165587",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166583",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166581",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166576",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166154",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165710",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165501",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016455",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-44790",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102386",
"ident": null
},
{
"date": "2021-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-408105",
"ident": null
},
{
"date": "2021-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44790",
"ident": null
},
{
"date": "2022-05-17T16:59:55",
"db": "PACKETSTORM",
"id": "167189",
"ident": null
},
{
"date": "2022-01-17T16:53:40",
"db": "PACKETSTORM",
"id": "165587",
"ident": null
},
{
"date": "2022-04-04T14:36:52",
"db": "PACKETSTORM",
"id": "166583",
"ident": null
},
{
"date": "2022-04-04T14:36:10",
"db": "PACKETSTORM",
"id": "166581",
"ident": null
},
{
"date": "2022-04-04T14:30:33",
"db": "PACKETSTORM",
"id": "166576",
"ident": null
},
{
"date": "2022-02-28T16:18:23",
"db": "PACKETSTORM",
"id": "166154",
"ident": null
},
{
"date": "2022-01-26T15:06:30",
"db": "PACKETSTORM",
"id": "165710",
"ident": null
},
{
"date": "2022-01-10T17:59:29",
"db": "PACKETSTORM",
"id": "165501",
"ident": null
},
{
"date": "2021-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1579",
"ident": null
},
{
"date": "2022-12-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016455",
"ident": null
},
{
"date": "2021-12-20T12:15:07.440000",
"db": "NVD",
"id": "CVE-2021-44790",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102386",
"ident": null
},
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-408105",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44790",
"ident": null
},
{
"date": "2023-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-1579",
"ident": null
},
{
"date": "2023-12-12T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-016455",
"ident": null
},
{
"date": "2025-05-01T15:38:06.313000",
"db": "NVD",
"id": "CVE-2021-44790",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "165501"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-1579"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 of \u00a0mod_lua\u00a0 Buffer overflow vulnerability in multipart parser",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016455"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-1579"
}
],
"trust": 0.6
}
}
VAR-202203-0072
Vulnerability from variot - Updated: 2026-03-09 22:40Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details were provided at this time. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256.
apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721
AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team
AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher
AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro
CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e)
CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori
DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)
Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic)
Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative
IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg)
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero
LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing
LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e)
libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team
LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778
libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308
OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778
PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t)
Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics
Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs
SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger
SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs
SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t)
TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher
Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e)
Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128
WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com)
Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher
Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval
zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530
zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy
zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444
Additional recognition
Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance.
macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:1045-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1045 Issue date: 2022-03-24 CVE Names: CVE-2022-22720 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.5.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.5.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.5.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.5.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64.rpm mod_session-2.4.6-97.el7_9.5.ppc64.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.5.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.5.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.5.ppc64le.rpm mod_session-2.4.6-97.el7_9.5.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.5.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.5.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm httpd-devel-2.4.6-97.el7_9.5.s390x.rpm httpd-tools-2.4.6-97.el7_9.5.s390x.rpm mod_session-2.4.6-97.el7_9.5.s390x.rpm mod_ssl-2.4.6-97.el7_9.5.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.5.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.5.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm mod_ldap-2.4.6-97.el7_9.5.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.5.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.5.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.5.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.5.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm httpd-devel-2.4.6-97.el7_9.5.x86_64.rpm httpd-tools-2.4.6-97.el7_9.5.x86_64.rpm mod_session-2.4.6-97.el7_9.5.x86_64.rpm mod_ssl-2.4.6-97.el7_9.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm mod_ldap-2.4.6-97.el7_9.5.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-22720 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. 7.6) - noarch, x86_64
- ========================================================================= Ubuntu Security Notice USN-5333-2 March 17, 2022
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22721)
Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. (CVE-2022-23943)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm5 apache2-bin 2.4.18-2ubuntu3.17+esm5
Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm4 apache2-bin 2.4.7-1ubuntu4.22+esm4
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus primary server base",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": null,
"trust": 1.6,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"_id": null,
"model": "macos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"_id": null,
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.6"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.52"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"_id": null,
"model": "hitachi navigation platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "actsecure \u30dd\u30fc\u30bf\u30eb",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "hitachi it operations director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi tiered storage manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi ops center api configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer 01",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "jp1/navigation platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional for plug-in",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server express",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi ops center analyzer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi replication manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi application server for developers",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi ops center automator",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server-r",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform - messaging",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "connexive application platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "hitachi web server - custom edition",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "hitachi navigation platform for developers",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "spoolserver/reportfiling",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "iot \u5171\u901a\u57fa\u76e4",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "jp1/service level management",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "witchymail",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "connexive pf",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u672c\u96fb\u6c17",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi compute systems manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi web server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "\u65e5\u7acb\u9ad8\u4fe1\u983c\u30b5\u30fc\u30d0 rv3000",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi global link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi ops center viewpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"_id": null,
"model": "hitachi automation director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
},
{
"db": "NVD",
"id": "CVE-2022-22720"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "166457"
},
{
"db": "PACKETSTORM",
"id": "166528"
},
{
"db": "PACKETSTORM",
"id": "166805"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166488"
},
{
"db": "PACKETSTORM",
"id": "166501"
}
],
"trust": 0.6
},
"cve": "CVE-2022-22720",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22720",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-411396",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22720",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-22720",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22720",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-22720",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1236",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-411396",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22720",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411396"
},
{
"db": "VULMON",
"id": "CVE-2022-22720"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
},
{
"db": "NVD",
"id": "CVE-2022-22720"
}
]
},
"description": {
"_id": null,
"data": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details were provided at this time. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6\n\nmacOS Big Sur 11.6.6 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213256. \n\napache\nAvailable for: macOS Big Sur\nImpact: Multiple issues in apache\nDescription: Multiple issues were addressed by updating apache to\nversion 2.4.53. \nCVE-2021-44224\nCVE-2021-44790\nCVE-2022-22719\nCVE-2022-22720\nCVE-2022-22721\n\nAppKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2022-22665: Lockheed Martin Red Team\n\nAppleAVD\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-22675: an anonymous researcher\n\nAppleGraphicsControl\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day\nInitiative\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-26698: Qi Sun of Trend Micro\n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26697: Qi Sun and Robert Ai of Trend Micro\n\nCoreTypes\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved checks to prevent\nunauthorized actions. \nCVE-2022-22663: Arsenii Kostromin (0x3c3e)\n\nCVMS\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to gain root privileges\nDescription: A memory initialization issue was addressed. \nCVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori\nCVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori\n\nDriverKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: An out-of-bounds access issue was addressed with\nimproved bounds checking. \nCVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A local user may be able to read kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2022-22674: an anonymous researcher\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26720: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26770: Liu Long of Ant Security Light-Year Lab\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26756: Jack Dates of RET2 Systems, Inc\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26769: Antonio Zekic (@antoniozekic)\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro\nZero Day Initiative\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-26768: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26714: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng (@peternguyen14) of STAR Labs\n(@starlabs_sg)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-26757: Ned Williamson of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: The issue was addressed with additional permissions\nchecks. \nCVE-2022-26767: Wojciech Regu\u0142a (@_r3ggi) of SecuRing\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with additional sandbox\nrestrictions on third-party applications. \nCVE-2022-26706: Arsenii Kostromin (0x3c3e)\n\nlibresolv\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms)\nof the Google Security Team\n\nLibreSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2022-0778\n\nlibxml2\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2022-23308\n\nOpenSSL\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted certificate may lead to a\ndenial of service\nDescription: This issue was addressed with improved checks. \nCVE-2022-0778\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26712: Mickey Jin (@patch1t)\n\nPrinting\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2022-26746: @gorelics\n\nSecurity\nAvailable for: macOS Big Sur\nImpact: A malicious app may be able to bypass signature validation\nDescription: A certificate parsing issue was addressed with improved\nchecks. \nCVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de)\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-26718: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSMB\nAvailable for: macOS Big Sur\nImpact: Mounting a maliciously crafted Samba network share may lead\nto arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2022-26723: Felix Poulin-Belanger\n\nSMB\nAvailable for: macOS Big Sur\nImpact: An application may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-26715: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to access restricted\nfiles\nDescription: This issue was addressed with improved entitlements. \nCVE-2022-26728: Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: An app may be able to capture a user\u0027s screen\nDescription: This issue was addressed with improved checks. \nCVE-2022-26726: an anonymous researcher\n\nTcl\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to break out of its\nsandbox\nDescription: This issue was addressed with improved environment\nsanitization. \nCVE-2022-26755: Arsenii Kostromin (0x3c3e)\n\nVim\nAvailable for: macOS Big Sur\nImpact: Multiple issues in Vim\nDescription: Multiple issues were addressed by updating Vim. \nCVE-2021-4136\nCVE-2021-4166\nCVE-2021-4173\nCVE-2021-4187\nCVE-2021-4192\nCVE-2021-4193\nCVE-2021-46059\nCVE-2022-0128\n\nWebKit\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted mail message may lead to\nrunning arbitrary javascript\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu\nof Palo Alto Networks (paloaltonetworks.com)\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A malicious application may disclose restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-26745: an anonymous researcher\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2022-26761: Wang Yu of Cyberserval\n\nzip\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may lead to a denial of\nservice\nDescription: A denial of service issue was addressed with improved\nstate handling. \nCVE-2022-0530\n\nzlib\nAvailable for: macOS Big Sur\nImpact: An attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2018-25032: Tavis Ormandy\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: This issue was addressed by updating to zsh version\n5.8.1. \nCVE-2021-45444\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Jann Horn of Project Zero for their\nassistance. \n\nmacOS Big Sur 11.6.6 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p\nrhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er\nK8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW\nqtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/\nvZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP\nyXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj\nSY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR\nVZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF\naC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc\nR2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO\nzymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4\nd22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o=\n=rtPl\n-----END PGP SIGNATURE-----\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:1045-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1045\nIssue date: 2022-03-24\nCVE Names: CVE-2022-22720\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.5.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.5.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.5.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm\nmod_session-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.5.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.5.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.5.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm\nmod_session-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.5.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.5.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.5.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.5.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.5.ppc64.rpm\nmod_session-2.4.6-97.el7_9.5.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.5.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.5.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.5.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.5.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.5.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.5.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.5.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.5.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.5.s390x.rpm\nmod_session-2.4.6-97.el7_9.5.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.5.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.5.x86_64.rpm\nmod_session-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.5.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.5.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.5.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.5.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.5.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.5.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.5.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.5.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.5.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.5.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.5.x86_64.rpm\nmod_session-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.5.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.5.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-22720\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Apache\nHTTP Server 2.4.37 Service Pack 10 and includes bug fixes and enhancements. \nRefer to the Release Notes for information on the most significant bug\nfixes and enhancements included in this release. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 7.6) - noarch, x86_64\n\n3. =========================================================================\nUbuntu Security Notice USN-5333-2\nMarch 17, 2022\n\napache2 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. \n\nOriginal advisory details:\n\n Chamal De Silva discovered that the Apache HTTP Server mod_lua module\n incorrectly handled certain crafted request bodies. A remote attacker could\n possibly use this issue to cause the server to crash, resulting in a denial\n of service. (CVE-2022-22721)\n\n Ronald Crane discovered that the Apache HTTP Server mod_sed module\n incorrectly handled memory. (CVE-2022-23943)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm5\n apache2-bin 2.4.18-2ubuntu3.17+esm5\n\nUbuntu 14.04 ESM:\n apache2 2.4.7-1ubuntu4.22+esm4\n apache2-bin 2.4.7-1ubuntu4.22+esm4\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22720"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
},
{
"db": "VULHUB",
"id": "VHN-411396"
},
{
"db": "VULMON",
"id": "CVE-2022-22720"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "166457"
},
{
"db": "PACKETSTORM",
"id": "166528"
},
{
"db": "PACKETSTORM",
"id": "166805"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166488"
},
{
"db": "PACKETSTORM",
"id": "166501"
},
{
"db": "PACKETSTORM",
"id": "166365"
}
],
"trust": 2.52
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-411396",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411396"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-22720",
"trust": 4.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/03/14/3",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "166501",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166365",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166457",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166528",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU99602154",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "166355",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167189",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-02",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.2411",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2376",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2352",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1234",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1077",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1328",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1270",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1158",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1269",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166584",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166803",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032432",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050324",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072204",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051316",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031727",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032127",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042138",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051703",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032924",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031504",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032819",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167188",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166488",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166492",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166450",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "167186",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-51061",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411396",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22720",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166805",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "166576",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411396"
},
{
"db": "VULMON",
"id": "CVE-2022-22720"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "166457"
},
{
"db": "PACKETSTORM",
"id": "166528"
},
{
"db": "PACKETSTORM",
"id": "166805"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166488"
},
{
"db": "PACKETSTORM",
"id": "166501"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
},
{
"db": "NVD",
"id": "CVE-2022-22720"
}
]
},
"id": "VAR-202203-0072",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411396"
}
],
"trust": 0.28666667
},
"last_update_date": "2026-03-09T22:40:58.795000Z",
"patch": {
"_id": null,
"data": [
{
"title": "hitachi-sec-2022-142",
"trust": 0.8,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Apache HTTP Server Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186364"
},
{
"title": "Red Hat: Important: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221049 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221080 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221173 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221102 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221045 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd24-httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221075 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221072 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221137 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221136 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221138 - Security Advisory"
},
{
"title": "Red Hat: Important: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221139 - Security Advisory"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-22720"
},
{
"title": "Ubuntu Security Notice: USN-5333-2: Apache HTTP Server vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5333-2"
},
{
"title": "Ubuntu Security Notice: USN-5333-1: Apache HTTP Server vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5333-1"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1584",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1584"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221390 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP11 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221389 - Security Advisory"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-119"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-128"
},
{
"title": "Hitachi Security Advisories: Vulnerability in JP1 and Hitachi IT Operations Director",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-142"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1783",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1783"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-053",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-053"
},
{
"title": "Apple: macOS Monterey 12.4",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=73857ee26a600b1527481f1deacc0619"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/PoC-in-GitHub "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22720"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-444",
"trust": 1.1
},
{
"problemtype": "HTTP Request Smuggling (CWE-444) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411396"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
},
{
"db": "NVD",
"id": "CVE-2022-22720"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20220321-0001/"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213255"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213256"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht213257"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/38"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/35"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2022/may/33"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 1.2,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22720"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99602154/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/z7h26wj6tpknwv3qky4bhkukqvutzjtd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/x73c35mmmzgbvpqqch7lqzumyznqa5fo/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rgwilbort67shmslysqzg2nmxgcmpuzo/"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1158"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032819"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1234"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1077"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031727"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060706"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1270"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166584/red-hat-security-advisory-2022-1173-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166528/red-hat-security-advisory-2022-1102-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166803/red-hat-security-advisory-2022-1390-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031416"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2376"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1328"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2411"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032127"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1269"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051703"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072204"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032924"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166355/ubuntu-security-notice-usn-5333-1.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-information-disclosure-via-unclosed-inbound-connection-37793"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22720/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042138"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167189/apple-security-advisory-2022-05-16-4.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166365/ubuntu-security-notice-usn-5333-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166457/red-hat-security-advisory-2022-1045-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031504"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166501/red-hat-security-advisory-2022-1075-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032432"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050324"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5333-2"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1049"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46059"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22674"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213256."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26698"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26697"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26706"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26712"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-4166"
},
{
"trust": 0.1,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1045"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1102"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0778"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3537"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3516"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1136"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1072"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1075"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5333-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411396"
},
{
"db": "VULMON",
"id": "CVE-2022-22720"
},
{
"db": "PACKETSTORM",
"id": "167188"
},
{
"db": "PACKETSTORM",
"id": "166457"
},
{
"db": "PACKETSTORM",
"id": "166528"
},
{
"db": "PACKETSTORM",
"id": "166805"
},
{
"db": "PACKETSTORM",
"id": "166576"
},
{
"db": "PACKETSTORM",
"id": "166488"
},
{
"db": "PACKETSTORM",
"id": "166501"
},
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
},
{
"db": "NVD",
"id": "CVE-2022-22720"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-411396",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-22720",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167188",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166457",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166528",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166805",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166576",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166488",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166501",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166365",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001479",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-22720",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-03-14T00:00:00",
"db": "VULHUB",
"id": "VHN-411396",
"ident": null
},
{
"date": "2022-03-14T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22720",
"ident": null
},
{
"date": "2022-05-17T16:59:42",
"db": "PACKETSTORM",
"id": "167188",
"ident": null
},
{
"date": "2022-03-25T15:21:09",
"db": "PACKETSTORM",
"id": "166457",
"ident": null
},
{
"date": "2022-03-29T17:15:37",
"db": "PACKETSTORM",
"id": "166528",
"ident": null
},
{
"date": "2022-04-21T15:10:14",
"db": "PACKETSTORM",
"id": "166805",
"ident": null
},
{
"date": "2022-04-04T14:30:33",
"db": "PACKETSTORM",
"id": "166576",
"ident": null
},
{
"date": "2022-03-28T15:52:08",
"db": "PACKETSTORM",
"id": "166488",
"ident": null
},
{
"date": "2022-03-28T15:55:12",
"db": "PACKETSTORM",
"id": "166501",
"ident": null
},
{
"date": "2022-03-18T15:34:37",
"db": "PACKETSTORM",
"id": "166365",
"ident": null
},
{
"date": "2022-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1236",
"ident": null
},
{
"date": "2022-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001479",
"ident": null
},
{
"date": "2022-03-14T11:15:09.083000",
"db": "NVD",
"id": "CVE-2022-22720",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-11-02T00:00:00",
"db": "VULHUB",
"id": "VHN-411396",
"ident": null
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22720",
"ident": null
},
{
"date": "2022-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1236",
"ident": null
},
{
"date": "2023-12-12T07:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-001479",
"ident": null
},
{
"date": "2024-11-21T06:47:18.963000",
"db": "NVD",
"id": "CVE-2022-22720",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "166365"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1236"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001479"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1236"
}
],
"trust": 0.6
}
}
VAR-201111-0207
Vulnerability from variot - Updated: 2026-03-09 22:18The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. This vulnerability CVE-2011-3368 Vulnerability due to incomplete fix.By a third party @ ( At sign ) Including, and : ( colon ) Incorrectly positioned, malformed URI A request may be sent to an intranet server via. Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03360041
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03360041 Version: 1
HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-06-26 Last Updated: 2012-06-26
Potential Security Impact: Remote unauthorized access, disclosure of information, data modification, Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code.
References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information disclosure), SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714, SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.1.1 running on Linux and Windows.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7 CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8 CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5 CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4 CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP System Management Homepage v7.1.1 or subsequent to resolve the vulnerabilities. HP System Management Homepage v7.1.1 is available here:
HP System Management Homepage for Windows x64
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab 0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Windows x86
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7 c0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (AMD64/EM64T)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18 d373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HP System Management Homepage for Linux (x86)
[Download here] or enter the following URL into the browser address window.
http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail s/?sp4ts.oid=4091409&spf_p.tpst=psiSwdMain&spf_p.prp_psiSwdMain=wsrp-navigati onalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa meId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e 8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument&javax.p ortlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vign ette.cachetoken
HISTORY Version:1 (rev.1) 26 June 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk/p5ksACgkQ4B86/C0qfVkQpwCfbOEZmoo7myCkxQAdqQHevKG5 6IwAoPw4DI3YBCclyWuRekae7EFscAy0 =zd3u -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] httpd (SSA:2012-041-01)
New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.
Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. Version bump for httpd upgrade. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. ) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton] ) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] ) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton] ) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. PR 52256. [Rainer Canavan ] ) SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. [Joe Orton] ) SECURITY: CVE-2012-0053 (cve.mitre.org) Fix an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz
Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz
Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 12.0 packages: 3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz 86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz
Slackware 12.1 packages: aab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz 1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz
Slackware 12.2 packages: f30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz 18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz
Slackware 13.0 packages: d3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz 0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: d15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz 1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz 49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz 1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz 783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz 8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz
Slackware -current packages: e709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz 97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz
Slackware x86_64 -current packages: 55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz 09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz
Then, restart the httpd daemon.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ============================================================================ Ubuntu Security Notice USN-1368-1 February 16, 2012
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. (CVE-2011-3607)
Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. (CVE-2011-4317)
Rainer Canavan discovered that the mod_log_config module incorrectly handled a certain format string when used with a threaded MPM. A remote attacker could exploit this to cause a denial of service via a specially- crafted cookie. (CVE-2012-0021)
It was discovered that the Apache HTTP Server incorrectly handled certain type fields within a scoreboard shared memory segment. A local attacker could exploit this to to cause a denial of service. (CVE-2012-0031)
Norman Hippert discovered that the Apache HTTP Server incorrecly handled header information when returning a Bad Request (400) error page. A remote attacker could exploit this to obtain the values of certain HTTPOnly cookies. (CVE-2012-0053)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: apache2.2-common 2.2.20-1ubuntu1.2
Ubuntu 11.04: apache2.2-common 2.2.17-1ubuntu1.5
Ubuntu 10.10: apache2.2-common 2.2.16-1ubuntu3.5
Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.8
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.23
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1368-1 CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
Package Information: https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2 https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5 https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5 https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8 https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:003 http://www.mandriva.com/security/
Package : apache Date : January 10, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities has been found and corrected in apache:
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow (CVE-2011-3607).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
Updated Packages:
Mandriva Linux 2010.1: 47721c86104358598ddc96c7e93cbdf8 2010.1/i586/apache-base-2.2.15-3.6mdv2010.2.i586.rpm c4029cf90932f6c6d864cc3d91750bca 2010.1/i586/apache-devel-2.2.15-3.6mdv2010.2.i586.rpm 1f9554a4bdb15089b2711b77fe927c61 2010.1/i586/apache-htcacheclean-2.2.15-3.6mdv2010.2.i586.rpm 8d1d86c9b9737d244fde84560718d8e4 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.i586.rpm d33b4789fd1effc6222440d4cd04dd9e 2010.1/i586/apache-mod_cache-2.2.15-3.6mdv2010.2.i586.rpm 634a44c3077bf6b56a19ba2ee367c7ec 2010.1/i586/apache-mod_dav-2.2.15-3.6mdv2010.2.i586.rpm e6d01a8e87b87234c6ac49aa9491aa6f 2010.1/i586/apache-mod_dbd-2.2.15-3.6mdv2010.2.i586.rpm 8a062c3d3255701c066879d4092f70be 2010.1/i586/apache-mod_deflate-2.2.15-3.6mdv2010.2.i586.rpm 9c8a07706f25f84c7fb1deadd948a754 2010.1/i586/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.i586.rpm 8bc3e2eea57fb63efb5b184e11ca8f1b 2010.1/i586/apache-mod_file_cache-2.2.15-3.6mdv2010.2.i586.rpm 498bc63dfedfa9021a0dd91b6ffed359 2010.1/i586/apache-mod_ldap-2.2.15-3.6mdv2010.2.i586.rpm 586c31feb7fb7ca857ef7ee45bf9aebf 2010.1/i586/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.i586.rpm 308a280dc26817b96a6845bc7578c3db 2010.1/i586/apache-mod_proxy-2.2.15-3.6mdv2010.2.i586.rpm 328ac2fe0f4e22d6fe07ae7f70a52fe2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.i586.rpm 930c0accae0dd1f5a575d3585c323ac9 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.i586.rpm 2a5777c4e69db66cc2ae0415aaa0dc9f 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.i586.rpm 66b7801aa2e0c5dca2615ccdafed173e 2010.1/i586/apache-mod_ssl-2.2.15-3.6mdv2010.2.i586.rpm 8d9053f7c60598e3e9fd7a31c2ddaf87 2010.1/i586/apache-modules-2.2.15-3.6mdv2010.2.i586.rpm 8fad2bd2b81936e4d56feac1c7a4a241 2010.1/i586/apache-mod_userdir-2.2.15-3.6mdv2010.2.i586.rpm 12cf47a671ecc70457b74d77da1e976b 2010.1/i586/apache-mpm-event-2.2.15-3.6mdv2010.2.i586.rpm 97f21f06c7a6b92c4c31c97b0f3ab060 2010.1/i586/apache-mpm-itk-2.2.15-3.6mdv2010.2.i586.rpm 17a097d14ee2d2eb8d9f5d4f1b9c1843 2010.1/i586/apache-mpm-peruser-2.2.15-3.6mdv2010.2.i586.rpm 5b488c7767f3c922f36de062e230de3d 2010.1/i586/apache-mpm-prefork-2.2.15-3.6mdv2010.2.i586.rpm 1c8974dfcec0aa5b8d8260c258d6df49 2010.1/i586/apache-mpm-worker-2.2.15-3.6mdv2010.2.i586.rpm f8ed0cb6600be8c3ec1f2b802a7c0eed 2010.1/i586/apache-source-2.2.15-3.6mdv2010.2.i586.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 04a6488038ca1a84d7e91ce51e4d677f 2010.1/x86_64/apache-base-2.2.15-3.6mdv2010.2.x86_64.rpm 2ba4bd05b46725f127e5b2033fd51667 2010.1/x86_64/apache-devel-2.2.15-3.6mdv2010.2.x86_64.rpm f351ed5721f1b05a6b7dc87ed7aa7a69 2010.1/x86_64/apache-htcacheclean-2.2.15-3.6mdv2010.2.x86_64.rpm 153c76dacd12ef6981827213ec0c8772 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 7ed6d7c584fc0eb78303e39ed60b4a73 2010.1/x86_64/apache-mod_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 5a3617389d5a007ecf3dfa4f5ab91b85 2010.1/x86_64/apache-mod_dav-2.2.15-3.6mdv2010.2.x86_64.rpm 93edc8b77815d7cba4373419cb8f5a59 2010.1/x86_64/apache-mod_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm 6e5e5caf00902784efdf13c10939db9d 2010.1/x86_64/apache-mod_deflate-2.2.15-3.6mdv2010.2.x86_64.rpm 4a0347d7d0670c0538d2682dfe9e1e53 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 8bcc135e98c375d28c3afcd629535a4a 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 214355942ac62028f2697d82906b3920 2010.1/x86_64/apache-mod_ldap-2.2.15-3.6mdv2010.2.x86_64.rpm d9701a16932c1d36f3551fd0ad99ac0f 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.x86_64.rpm 0514e08540031d1a8fc22420440cf2eb 2010.1/x86_64/apache-mod_proxy-2.2.15-3.6mdv2010.2.x86_64.rpm 564d18314a970303342fa5ef1f5bcd23 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.x86_64.rpm d77370118f402a18bd465508b9ae74c1 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.x86_64.rpm fe3a57456ddb162f53ec86b64aa0f218 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.x86_64.rpm b880b8406d1a500a9f4503c06fcfe072 2010.1/x86_64/apache-mod_ssl-2.2.15-3.6mdv2010.2.x86_64.rpm 3392607a02a34b7a53207feb7ed73498 2010.1/x86_64/apache-modules-2.2.15-3.6mdv2010.2.x86_64.rpm f06a2e4cac81365e5c73e365b0f35abe 2010.1/x86_64/apache-mod_userdir-2.2.15-3.6mdv2010.2.x86_64.rpm 3d13698fac6a6dfdafa026b1152a5b1c 2010.1/x86_64/apache-mpm-event-2.2.15-3.6mdv2010.2.x86_64.rpm 16ba47b4fea6f39569be110bbcfaedb6 2010.1/x86_64/apache-mpm-itk-2.2.15-3.6mdv2010.2.x86_64.rpm f24cd380dad81a610d73419eaeb86e04 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.6mdv2010.2.x86_64.rpm d170fad92e75077db15fd802be9deda2 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.6mdv2010.2.x86_64.rpm d967b2e614babf85b3df09589e6978e2 2010.1/x86_64/apache-mpm-worker-2.2.15-3.6mdv2010.2.x86_64.rpm 2c7f977cb7a7494a3e7f020c591b5bea 2010.1/x86_64/apache-source-2.2.15-3.6mdv2010.2.x86_64.rpm 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm
Mandriva Linux 2011: 627e6ab0f50fa35c7a639626e23a38a3 2011/i586/apache-base-2.2.21-0.4-mdv2011.0.i586.rpm f834f9e39003d30ee6d2e2b7b3c6253c 2011/i586/apache-devel-2.2.21-0.4-mdv2011.0.i586.rpm e96cfc5498ea7afca1fe2b22168d3259 2011/i586/apache-htcacheclean-2.2.21-0.4-mdv2011.0.i586.rpm f6700e8a1bc0a6a34b18f5ed091231e3 2011/i586/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.i586.rpm 8d37dfd4133c3078702921a517f726b7 2011/i586/apache-mod_cache-2.2.21-0.4-mdv2011.0.i586.rpm 49ce15b00c473c0ff39f54d5741e91a5 2011/i586/apache-mod_dav-2.2.21-0.4-mdv2011.0.i586.rpm 42cb7d2f579c14bfb8682a0b8174603f 2011/i586/apache-mod_dbd-2.2.21-0.4-mdv2011.0.i586.rpm 35fcf3b213505b161067e8ba65cbfe2a 2011/i586/apache-mod_deflate-2.2.21-0.4-mdv2011.0.i586.rpm 2d8ee244d999ddcf58afb5f92de698f4 2011/i586/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.i586.rpm b2e589ebe2292ea479929203fc3059f2 2011/i586/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.i586.rpm a1506320b89211bd3bbb8f996593e094 2011/i586/apache-mod_ldap-2.2.21-0.4-mdv2011.0.i586.rpm 7ec9927d7efccf86308be53a56c8e1ec 2011/i586/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.i586.rpm 529d3fdcc50ec7f84e8fd4053d79e939 2011/i586/apache-mod_proxy-2.2.21-0.4-mdv2011.0.i586.rpm dff350fe73e8206df27faf0590062278 2011/i586/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.i586.rpm 91e931c21077f11a1af420edb86c14b4 2011/i586/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.i586.rpm c75091575000eee79711cbc988670d0d 2011/i586/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.i586.rpm a3953933158f467b931f77939a8802f5 2011/i586/apache-mod_ssl-2.2.21-0.4-mdv2011.0.i586.rpm 3217a4a46e1b449cfef57e07a487127a 2011/i586/apache-modules-2.2.21-0.4-mdv2011.0.i586.rpm 996837cadafe02b3f3e451c30a81839d 2011/i586/apache-mod_userdir-2.2.21-0.4-mdv2011.0.i586.rpm 35b55759125bc4075676160ec82e6da4 2011/i586/apache-mpm-event-2.2.21-0.4-mdv2011.0.i586.rpm 7f73f3385505743b62016050e18e1d95 2011/i586/apache-mpm-itk-2.2.21-0.4-mdv2011.0.i586.rpm a87bd2119895110b0483548236319418 2011/i586/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.i586.rpm da6507b8694c0d83c697e3438cc14f99 2011/i586/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.i586.rpm 31e5c55aab89b2ac1b8e35d4694a6157 2011/i586/apache-mpm-worker-2.2.21-0.4-mdv2011.0.i586.rpm fc55eb6d0e4c1064b9712f8dfee0c9a2 2011/i586/apache-source-2.2.21-0.4-mdv2011.0.i586.rpm fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm
Mandriva Linux 2011/X86_64: 256f14e15bc11b9f2e117237a0afcecd 2011/x86_64/apache-base-2.2.21-0.4-mdv2011.0.x86_64.rpm 1811331e8129fbb841591ead6d66fb3a 2011/x86_64/apache-devel-2.2.21-0.4-mdv2011.0.x86_64.rpm 2169f3ab56b419e32cdd0c6374280609 2011/x86_64/apache-htcacheclean-2.2.21-0.4-mdv2011.0.x86_64.rpm 3eb90fce534439380f8c200f212b80d1 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm d7e9ccdb75d0f0cd938b11bf0b34ea75 2011/x86_64/apache-mod_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 22f9c708f1f1a7111306b96f2f7a2f16 2011/x86_64/apache-mod_dav-2.2.21-0.4-mdv2011.0.x86_64.rpm 9006ed39d4482543acbc0a306d1c98b9 2011/x86_64/apache-mod_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm ac342440d76088ce12784eaec8a04cfd 2011/x86_64/apache-mod_deflate-2.2.21-0.4-mdv2011.0.x86_64.rpm fe98d140fb40902b6e9e8d6209b7ee6e 2011/x86_64/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 5fddef6bf9280f38f4758840c20500d0 2011/x86_64/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm 3035cd294b73d3419a4a8bc911c95b59 2011/x86_64/apache-mod_ldap-2.2.21-0.4-mdv2011.0.x86_64.rpm e045b1f053add604a46b20c0f33654e4 2011/x86_64/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm ecdced72ed663ff13abc879888f2a369 2011/x86_64/apache-mod_proxy-2.2.21-0.4-mdv2011.0.x86_64.rpm 33dbc278cf903e327492485eb93421c0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.x86_64.rpm 668df865cf090bc56386119ffbf69009 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.x86_64.rpm f4ffe3b3c6ea342b92f6ff616be3242f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.x86_64.rpm 2a459d496bcfda4a902bf5ba160005b0 2011/x86_64/apache-mod_ssl-2.2.21-0.4-mdv2011.0.x86_64.rpm ffefbf2ceabca42e49e3985bb985880f 2011/x86_64/apache-modules-2.2.21-0.4-mdv2011.0.x86_64.rpm d4bfe84a86bd688730666e116df26062 2011/x86_64/apache-mod_userdir-2.2.21-0.4-mdv2011.0.x86_64.rpm 417d6c12ec5d7580ae209a439307e0c1 2011/x86_64/apache-mpm-event-2.2.21-0.4-mdv2011.0.x86_64.rpm 3580eac20ad0954ec9c9e148070cde92 2011/x86_64/apache-mpm-itk-2.2.21-0.4-mdv2011.0.x86_64.rpm 34c074464e9776093c6fd8b0b00d277d 2011/x86_64/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.x86_64.rpm 77fe238e2acd3e9f50a0c6b4e70dbd91 2011/x86_64/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.x86_64.rpm 530632e85e3a1c56aeb5c22b59d51074 2011/x86_64/apache-mpm-worker-2.2.21-0.4-mdv2011.0.x86_64.rpm 54ae3219fe5921167de58e02d1709136 2011/x86_64/apache-source-2.2.21-0.4-mdv2011.0.x86_64.rpm fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm
Mandriva Enterprise Server 5: 694c14ac1aa725219116cf0821bccd4d mes5/i586/apache-base-2.2.9-12.15mdvmes5.2.i586.rpm b78fcfdd2dcba4e1bbb2445850d309a6 mes5/i586/apache-devel-2.2.9-12.15mdvmes5.2.i586.rpm d0df79579e11145dc6222c7be498a08b mes5/i586/apache-htcacheclean-2.2.9-12.15mdvmes5.2.i586.rpm 41bc754f609edd0585e87bfeae433ad0 mes5/i586/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.i586.rpm 4ed0091207ac154c47948b14937d8419 mes5/i586/apache-mod_cache-2.2.9-12.15mdvmes5.2.i586.rpm 98ec70cb55cc2d6cfe75e555827e09f6 mes5/i586/apache-mod_dav-2.2.9-12.15mdvmes5.2.i586.rpm 0b57ad40a88d289ff7e93dbee8f7029c mes5/i586/apache-mod_dbd-2.2.9-12.15mdvmes5.2.i586.rpm 60ffbd92bf1c64f9f5d9de84fc1ea3a9 mes5/i586/apache-mod_deflate-2.2.9-12.15mdvmes5.2.i586.rpm 96acedbceae6f50795f5f8eb83bf0894 mes5/i586/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.i586.rpm 2faa60da5066030c6e1739bcd2e0c186 mes5/i586/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.i586.rpm d8dd234832a23fd7b8fe89b3ab2912ec mes5/i586/apache-mod_ldap-2.2.9-12.15mdvmes5.2.i586.rpm 192b0318fcc0149886d2bf65ca3eb7a0 mes5/i586/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.i586.rpm c5e14efbac8f535f9d47d71e15210ece mes5/i586/apache-mod_proxy-2.2.9-12.15mdvmes5.2.i586.rpm 86b9b67a3de9e2b3cb90369d74b259eb mes5/i586/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.i586.rpm 23771d89269201a8d41aad22ed7dd9fe mes5/i586/apache-mod_ssl-2.2.9-12.15mdvmes5.2.i586.rpm a9fe76cd2785c8baeb1a4cc24a9e9580 mes5/i586/apache-modules-2.2.9-12.15mdvmes5.2.i586.rpm b156b74e9d0b3f028ec422be7770c61b mes5/i586/apache-mod_userdir-2.2.9-12.15mdvmes5.2.i586.rpm ae57012ad1bfe385be299692f6b70cc1 mes5/i586/apache-mpm-event-2.2.9-12.15mdvmes5.2.i586.rpm 509a7cb7af1ac015b3b383058dc3d460 mes5/i586/apache-mpm-itk-2.2.9-12.15mdvmes5.2.i586.rpm 0f16651ec38ae7d878fe4a2368ee9d54 mes5/i586/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.i586.rpm 7e1c86769e9c7869f0b8636f458ec627 mes5/i586/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.i586.rpm 35ea9692f732f36905a86fb4dba9cdda mes5/i586/apache-mpm-worker-2.2.9-12.15mdvmes5.2.i586.rpm 1a8cac6533373a9fd3faa3b79599c088 mes5/i586/apache-source-2.2.9-12.15mdvmes5.2.i586.rpm d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 0ae1d7f13adab27acc8b786e95915c14 mes5/x86_64/apache-base-2.2.9-12.15mdvmes5.2.x86_64.rpm 1bd7812000e4f71ddd083300f004e8bd mes5/x86_64/apache-devel-2.2.9-12.15mdvmes5.2.x86_64.rpm 61b1c2004829c09e685e6fbd61ca2714 mes5/x86_64/apache-htcacheclean-2.2.9-12.15mdvmes5.2.x86_64.rpm 26d3fac76d72121901831d7cd38b3633 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm 4bfcbbc2d949b6c0ff387c1236a26a63 mes5/x86_64/apache-mod_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 5dfcd153e80849e6eaa29541c06938d9 mes5/x86_64/apache-mod_dav-2.2.9-12.15mdvmes5.2.x86_64.rpm 59ad16a7a1ce24740a10e24b93881225 mes5/x86_64/apache-mod_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm 7ca4dc330983a90cc76ef05025171c3e mes5/x86_64/apache-mod_deflate-2.2.9-12.15mdvmes5.2.x86_64.rpm 601d5df07381c6e7f4f4ec233d7b130f mes5/x86_64/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 56a892846f01dc5f354091867b1c11b9 mes5/x86_64/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 3dc34aee1e773bcd1d8104d9102ad65c mes5/x86_64/apache-mod_ldap-2.2.9-12.15mdvmes5.2.x86_64.rpm 2e523ac976afa7e9fbb49851dd7cdbad mes5/x86_64/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm 2a0c71a369a519f2606266df778200cf mes5/x86_64/apache-mod_proxy-2.2.9-12.15mdvmes5.2.x86_64.rpm 8b5695a122649830105b88a62e45dede mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.x86_64.rpm c0ad053024a6bbcc1a618639694a4a0b mes5/x86_64/apache-mod_ssl-2.2.9-12.15mdvmes5.2.x86_64.rpm f0eb92fa6a5fd1b70d32965ac32033ff mes5/x86_64/apache-modules-2.2.9-12.15mdvmes5.2.x86_64.rpm 378560cb4256e15405e6786672586239 mes5/x86_64/apache-mod_userdir-2.2.9-12.15mdvmes5.2.x86_64.rpm c5f79fe55502f5fd2e6a80ef22d14cb5 mes5/x86_64/apache-mpm-event-2.2.9-12.15mdvmes5.2.x86_64.rpm 79c9df06193fec61ece2372929da3e72 mes5/x86_64/apache-mpm-itk-2.2.9-12.15mdvmes5.2.x86_64.rpm fad5cd549063827dc78c335162a8b5ab mes5/x86_64/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.x86_64.rpm e691b3fdb827f1f03c92c3bc4265f6ee mes5/x86_64/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.x86_64.rpm 8578c114dea4dd49232a82922d46fbbc mes5/x86_64/apache-mpm-worker-2.2.9-12.15mdvmes5.2.x86_64.rpm 4eba23905fbbd38d24a99f8567304372 mes5/x86_64/apache-source-2.2.9-12.15mdvmes5.2.x86_64.rpm d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPDCNImqjQ0CJFipgRAggFAJ9xCusaErCYJUSMv5oAlTiJ5D1aWACg0UBO BqETS5tTpFVDOXlCWWgYIGQ= =8O62 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.40"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.38"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.45"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.41"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.37"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.36"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.39"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.42"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.44"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.43"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.28"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.34"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.31"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.16"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.42"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.14"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.19"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.29"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.58"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.7"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.19"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.32"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.36"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.13"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.54"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.18"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.13"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.11"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.64"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.65"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.18"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.35"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.53"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.9"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.38"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.8"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.27"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.25"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.15"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.17"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.23"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.21"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.20"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.50"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.33"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.24"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.34"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.56"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.68"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.22"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.12"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.55"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.26"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.37"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.41"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.59"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.52"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.48"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.57"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.16"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.6"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.63"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.46"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.39"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.12"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.51"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.10"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.30"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.20"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.49"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.1.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.60"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.61"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.15"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.10"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.3.x to 1.3.42"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.x to 2.0.64"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.x to 2.2.21"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4"
},
{
"model": "application server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10.1.3.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.1.6"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.2.0"
},
{
"model": "sparc enterprise m3000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "sparc enterprise m4000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "sparc enterprise m5000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "sparc enterprise m8000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "sparc enterprise m9000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "1118"
},
{
"model": "hp secure web server for openvms",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "v2.2"
},
{
"model": "hp system management homepage",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "7.1.1 (*)"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.2"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.18"
},
{
"model": "software foundation apache 2.0.62-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.58"
},
{
"model": "software foundation apache -beta",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.54"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "software foundation apache beta",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.42"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.38"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.52"
},
{
"model": "software foundation apache a9",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.63"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.36"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.1.0-103"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.41"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.1.73"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "software foundation apache 2.2.5-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.15"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.57"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.0.0-95"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.59"
},
{
"model": "system management homepage",
"scope": "ne",
"trust": 0.6,
"vendor": "hp",
"version": "7.0"
},
{
"model": "software foundation apache 2.0.60-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.49"
},
{
"model": "software foundation apache 2.0.61-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.50"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.0-68"
},
{
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.10"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.6"
},
{
"model": "software foundation apache -beta",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.34"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.2-77"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.5"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.16"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "v70001.3.1.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.1"
},
{
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation apache -dev",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.56"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.60"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.51"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.12"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.1-73"
},
{
"model": "storwize unified",
"scope": "eq",
"trust": 0.6,
"vendor": "ibm",
"version": "v70001.3.0.5"
},
{
"model": "software foundation apache -beta",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.28"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.2.27"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.53"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "software foundation apache 2.2.6-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.0.96"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.55"
},
{
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "6"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.56"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.37"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.17"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.39"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.32"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.21"
},
{
"model": "software foundation apache 2.2.15-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.20"
},
{
"model": "system management homepage b",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.2.77"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.48"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.45"
},
{
"model": "software foundation apache 2.2.7-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.43"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.47"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.64"
},
{
"model": "aura experience portal",
"scope": "eq",
"trust": 0.6,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.46"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.6,
"vendor": "debian",
"version": "6.0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.2"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.44"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.3"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.40"
},
{
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "6"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.19"
},
{
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "6"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.1"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.14"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.61"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.2.0-12"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.4"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "3.0.68"
},
{
"model": "software foundation apache 2.0.64-dev",
"scope": null,
"trust": 0.6,
"vendor": "apache",
"version": null
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.64"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.6,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.13"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"model": "oracle10g application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "networks junos",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "freeflow print server 73.b3.61",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.21"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "oracle9i application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"model": "freeflow print server 73.c0.41",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5"
},
{
"model": "os/400 v6r1m0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
}
],
"sources": [
{
"db": "BID",
"id": "51869"
},
{
"db": "BID",
"id": "50802"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:xcp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:secure_web_server_for_open_vms",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:system_management_homepage",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tomas Hoger",
"sources": [
{
"db": "BID",
"id": "51869"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4317",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4317",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4317",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-435",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-4317",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. This vulnerability CVE-2011-3368 Vulnerability due to incomplete fix.By a third party @ ( At sign ) Including, and : ( colon ) Incorrectly positioned, malformed URI A request may be sent to an intranet server via. Apache HTTP Server is prone to a security-bypass vulnerability. \nSuccessful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03360041\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03360041\nVersion: 1\n\nHPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on\nLinux and Windows, Remote Unauthorized Access, Disclosure of Information,\nData Modification, Denial of Service (DoS), Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-06-26\nLast Updated: 2012-06-26\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), execution of\narbitrary code\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH) running on Linux and Windows. The vulnerabilities\ncould be exploited remotely resulting in unauthorized access, disclosure of\ninformation, data modification, Denial of Service (DoS), and execution of\narbitrary code. \n\nReferences: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,\nCVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,\nCVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,\nCVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,\nCVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823,\nCVE-2012-2012 (AUTOCOMPLETE enabled), CVE-2012-2013 (DoS),\nCVE-2012-2014 (Improper input validation), CVE-2012-2015 (Privilege\nElevation),\nCVE-2012-2016 (Information disclosure),\nSSRT100336, SSRT100753, SSRT100669, SSRT100676,\nSSRT100695, SSRT100714, SSRT100760, SSRT100786,\nSSRT100787, SSRT100815, SSRT100840, SSRT100843, SSRT100869\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v7.1.1 running on Linux and\nWindows. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7\nCVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8\nCVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5\nCVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4\nCVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2\nCVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4\nCVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided HP System Management Homepage v7.1.1 or subsequent to resolve\nthe vulnerabilities. HP System Management Homepage v7.1.1 is available here:\n\nHP System Management Homepage for Windows x64\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4064%257CswLang%253D8%257CswItem%253DMTX-ab\n0d4e9bb4654a8da503eccfd9%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Windows x86\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4022%257CswLang%253D8%257CswItem%253DMTX-f7\nc0d15d28474255bd0ec23136%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (AMD64/EM64T)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4035%257CswLang%253D8%257CswItem%253DMTX-18\nd373dd1361400fbaca892942%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHP System Management Homepage for Linux (x86)\n\n[Download here] or enter the following URL into the browser address window. \n\nhttp://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetail\ns/?sp4ts.oid=4091409\u0026spf_p.tpst=psiSwdMain\u0026spf_p.prp_psiSwdMain=wsrp-navigati\nonalState%3Dlang%253Den%257Ccc%253DUS%257CprodSeriesId%253D4091408%257CprodNa\nmeId%253D4091409%257CswEnvOID%253D4006%257CswLang%253D8%257CswItem%253DMTX-9e\n8a0188f97d48139dcb466509%257Cmode%253D3%257Caction%253DdriverDocument\u0026javax.p\nortlet.begCacheTok=com.vignette.cachetoken\u0026javax.portlet.endCacheTok=com.vign\nette.cachetoken\n\nHISTORY\nVersion:1 (rev.1) 26 June 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk/p5ksACgkQ4B86/C0qfVkQpwCfbOEZmoo7myCkxQAdqQHevKG5\n6IwAoPw4DI3YBCclyWuRekae7EFscAy0\n=zd3u\n-----END PGP SIGNATURE-----\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n[slackware-security] httpd (SSA:2012-041-01)\n\nNew httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\n13.37, and -current to fix security issues. The apr-util package has also been\nupdated to the latest version. \n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n+--------------------------+\npatches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. \n Version bump for httpd upgrade. \npatches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. \n *) SECURITY: CVE-2011-3368 (cve.mitre.org)\n Reject requests where the request-URI does not match the HTTP\n specification, preventing unexpected expansion of target URLs in\n some reverse proxy configurations. [Joe Orton]\n *) SECURITY: CVE-2011-3607 (cve.mitre.org)\n Fix integer overflow in ap_pregsub() which, when the mod_setenvif module\n is enabled, could allow local users to gain privileges via a .htaccess\n file. [Stefan Fritsch, Greg Ames]\n *) SECURITY: CVE-2011-4317 (cve.mitre.org)\n Resolve additional cases of URL rewriting with ProxyPassMatch or\n RewriteRule, where particular request-URIs could result in undesired\n backend network exposure in some configurations. \n [Joe Orton]\n *) SECURITY: CVE-2012-0021 (cve.mitre.org)\n mod_log_config: Fix segfault (crash) when the \u0027%{cookiename}C\u0027 log format\n string is in use and a client sends a nameless, valueless cookie, causing\n a denial of service. The issue existed since version 2.2.17. PR 52256. \n [Rainer Canavan \u003crainer-apache 7val com\u003e]\n *) SECURITY: CVE-2012-0031 (cve.mitre.org)\n Fix scoreboard issue which could allow an unprivileged child process\n could cause the parent to crash at shutdown rather than terminate\n cleanly. [Joe Orton]\n *) SECURITY: CVE-2012-0053 (cve.mitre.org)\n Fix an issue in error responses that could expose \"httpOnly\" cookies\n when no custom ErrorDocument is specified for status code 400. \n [Eric Covener]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 12.0 packages:\n3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz\n86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz\n\nSlackware 12.1 packages:\naab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz\n1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz\n\nSlackware 12.2 packages:\nf30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz\n18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz\n\nSlackware 13.0 packages:\nd3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz\n0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nd15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz\n1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz\n49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz\n1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz\n783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz\n8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz\n\nSlackware -current packages:\ne709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz\n97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz\n\nSlackware x86_64 -current packages:\n55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz\n09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz\n\nThen, restart the httpd daemon. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. ============================================================================\nUbuntu Security Notice USN-1368-1\nFebruary 16, 2012\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. An attacker having write access to a\n.htaccess file may exploit this to possibly execute arbitrary code. \n(CVE-2011-3607)\n\nPrutha Parikh discovered that the mod_proxy module did not properly\ninteract with the RewriteRule and ProxyPassMatch pattern matches in the\nconfiguration of a reverse proxy. This could allow remote attackers to\ncontact internal webservers behind the proxy that were not intended for\nexternal exposure. (CVE-2011-4317)\n\nRainer Canavan discovered that the mod_log_config module incorrectly\nhandled a certain format string when used with a threaded MPM. A remote\nattacker could exploit this to cause a denial of service via a specially-\ncrafted cookie. \n(CVE-2012-0021)\n\nIt was discovered that the Apache HTTP Server incorrectly handled certain\ntype fields within a scoreboard shared memory segment. A local attacker\ncould exploit this to to cause a denial of service. (CVE-2012-0031)\n\nNorman Hippert discovered that the Apache HTTP Server incorrecly handled\nheader information when returning a Bad Request (400) error page. A remote\nattacker could exploit this to obtain the values of certain HTTPOnly\ncookies. (CVE-2012-0053)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n apache2.2-common 2.2.20-1ubuntu1.2\n\nUbuntu 11.04:\n apache2.2-common 2.2.17-1ubuntu1.5\n\nUbuntu 10.10:\n apache2.2-common 2.2.16-1ubuntu3.5\n\nUbuntu 10.04 LTS:\n apache2.2-common 2.2.14-5ubuntu8.8\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.23\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1368-1\n CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031,\n CVE-2012-0053\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2\n https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5\n https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5\n https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8\n https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:003\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : apache\n Date : January 10, 2012\n Affected: 2010.1, 2011., Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been found and corrected in apache:\n \n Integer overflow in the ap_pregsub function in server/util.c in the\n Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21,\n when the mod_setenvif module is enabled, allows local users to gain\n privileges via a .htaccess file with a crafted SetEnvIf directive,\n in conjunction with a crafted HTTP request header, leading to a\n heap-based buffer overflow (CVE-2011-3607). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2010.1:\n 47721c86104358598ddc96c7e93cbdf8 2010.1/i586/apache-base-2.2.15-3.6mdv2010.2.i586.rpm\n c4029cf90932f6c6d864cc3d91750bca 2010.1/i586/apache-devel-2.2.15-3.6mdv2010.2.i586.rpm\n 1f9554a4bdb15089b2711b77fe927c61 2010.1/i586/apache-htcacheclean-2.2.15-3.6mdv2010.2.i586.rpm\n 8d1d86c9b9737d244fde84560718d8e4 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.i586.rpm\n d33b4789fd1effc6222440d4cd04dd9e 2010.1/i586/apache-mod_cache-2.2.15-3.6mdv2010.2.i586.rpm\n 634a44c3077bf6b56a19ba2ee367c7ec 2010.1/i586/apache-mod_dav-2.2.15-3.6mdv2010.2.i586.rpm\n e6d01a8e87b87234c6ac49aa9491aa6f 2010.1/i586/apache-mod_dbd-2.2.15-3.6mdv2010.2.i586.rpm\n 8a062c3d3255701c066879d4092f70be 2010.1/i586/apache-mod_deflate-2.2.15-3.6mdv2010.2.i586.rpm\n 9c8a07706f25f84c7fb1deadd948a754 2010.1/i586/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.i586.rpm\n 8bc3e2eea57fb63efb5b184e11ca8f1b 2010.1/i586/apache-mod_file_cache-2.2.15-3.6mdv2010.2.i586.rpm\n 498bc63dfedfa9021a0dd91b6ffed359 2010.1/i586/apache-mod_ldap-2.2.15-3.6mdv2010.2.i586.rpm\n 586c31feb7fb7ca857ef7ee45bf9aebf 2010.1/i586/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.i586.rpm\n 308a280dc26817b96a6845bc7578c3db 2010.1/i586/apache-mod_proxy-2.2.15-3.6mdv2010.2.i586.rpm\n 328ac2fe0f4e22d6fe07ae7f70a52fe2 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.i586.rpm\n 930c0accae0dd1f5a575d3585c323ac9 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.i586.rpm\n 2a5777c4e69db66cc2ae0415aaa0dc9f 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.i586.rpm\n 66b7801aa2e0c5dca2615ccdafed173e 2010.1/i586/apache-mod_ssl-2.2.15-3.6mdv2010.2.i586.rpm\n 8d9053f7c60598e3e9fd7a31c2ddaf87 2010.1/i586/apache-modules-2.2.15-3.6mdv2010.2.i586.rpm\n 8fad2bd2b81936e4d56feac1c7a4a241 2010.1/i586/apache-mod_userdir-2.2.15-3.6mdv2010.2.i586.rpm\n 12cf47a671ecc70457b74d77da1e976b 2010.1/i586/apache-mpm-event-2.2.15-3.6mdv2010.2.i586.rpm\n 97f21f06c7a6b92c4c31c97b0f3ab060 2010.1/i586/apache-mpm-itk-2.2.15-3.6mdv2010.2.i586.rpm\n 17a097d14ee2d2eb8d9f5d4f1b9c1843 2010.1/i586/apache-mpm-peruser-2.2.15-3.6mdv2010.2.i586.rpm\n 5b488c7767f3c922f36de062e230de3d 2010.1/i586/apache-mpm-prefork-2.2.15-3.6mdv2010.2.i586.rpm\n 1c8974dfcec0aa5b8d8260c258d6df49 2010.1/i586/apache-mpm-worker-2.2.15-3.6mdv2010.2.i586.rpm\n f8ed0cb6600be8c3ec1f2b802a7c0eed 2010.1/i586/apache-source-2.2.15-3.6mdv2010.2.i586.rpm \n 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 04a6488038ca1a84d7e91ce51e4d677f 2010.1/x86_64/apache-base-2.2.15-3.6mdv2010.2.x86_64.rpm\n 2ba4bd05b46725f127e5b2033fd51667 2010.1/x86_64/apache-devel-2.2.15-3.6mdv2010.2.x86_64.rpm\n f351ed5721f1b05a6b7dc87ed7aa7a69 2010.1/x86_64/apache-htcacheclean-2.2.15-3.6mdv2010.2.x86_64.rpm\n 153c76dacd12ef6981827213ec0c8772 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm\n 7ed6d7c584fc0eb78303e39ed60b4a73 2010.1/x86_64/apache-mod_cache-2.2.15-3.6mdv2010.2.x86_64.rpm\n 5a3617389d5a007ecf3dfa4f5ab91b85 2010.1/x86_64/apache-mod_dav-2.2.15-3.6mdv2010.2.x86_64.rpm\n 93edc8b77815d7cba4373419cb8f5a59 2010.1/x86_64/apache-mod_dbd-2.2.15-3.6mdv2010.2.x86_64.rpm\n 6e5e5caf00902784efdf13c10939db9d 2010.1/x86_64/apache-mod_deflate-2.2.15-3.6mdv2010.2.x86_64.rpm\n 4a0347d7d0670c0538d2682dfe9e1e53 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.6mdv2010.2.x86_64.rpm\n 8bcc135e98c375d28c3afcd629535a4a 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.6mdv2010.2.x86_64.rpm\n 214355942ac62028f2697d82906b3920 2010.1/x86_64/apache-mod_ldap-2.2.15-3.6mdv2010.2.x86_64.rpm\n d9701a16932c1d36f3551fd0ad99ac0f 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.6mdv2010.2.x86_64.rpm\n 0514e08540031d1a8fc22420440cf2eb 2010.1/x86_64/apache-mod_proxy-2.2.15-3.6mdv2010.2.x86_64.rpm\n 564d18314a970303342fa5ef1f5bcd23 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.6mdv2010.2.x86_64.rpm\n d77370118f402a18bd465508b9ae74c1 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.6mdv2010.2.x86_64.rpm\n fe3a57456ddb162f53ec86b64aa0f218 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.6mdv2010.2.x86_64.rpm\n b880b8406d1a500a9f4503c06fcfe072 2010.1/x86_64/apache-mod_ssl-2.2.15-3.6mdv2010.2.x86_64.rpm\n 3392607a02a34b7a53207feb7ed73498 2010.1/x86_64/apache-modules-2.2.15-3.6mdv2010.2.x86_64.rpm\n f06a2e4cac81365e5c73e365b0f35abe 2010.1/x86_64/apache-mod_userdir-2.2.15-3.6mdv2010.2.x86_64.rpm\n 3d13698fac6a6dfdafa026b1152a5b1c 2010.1/x86_64/apache-mpm-event-2.2.15-3.6mdv2010.2.x86_64.rpm\n 16ba47b4fea6f39569be110bbcfaedb6 2010.1/x86_64/apache-mpm-itk-2.2.15-3.6mdv2010.2.x86_64.rpm\n f24cd380dad81a610d73419eaeb86e04 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.6mdv2010.2.x86_64.rpm\n d170fad92e75077db15fd802be9deda2 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.6mdv2010.2.x86_64.rpm\n d967b2e614babf85b3df09589e6978e2 2010.1/x86_64/apache-mpm-worker-2.2.15-3.6mdv2010.2.x86_64.rpm\n 2c7f977cb7a7494a3e7f020c591b5bea 2010.1/x86_64/apache-source-2.2.15-3.6mdv2010.2.x86_64.rpm \n 482f8796d668ae703faaf53d3f4c2c7f 2010.1/SRPMS/apache-2.2.15-3.6mdv2010.2.src.rpm\n\n Mandriva Linux 2011:\n 627e6ab0f50fa35c7a639626e23a38a3 2011/i586/apache-base-2.2.21-0.4-mdv2011.0.i586.rpm\n f834f9e39003d30ee6d2e2b7b3c6253c 2011/i586/apache-devel-2.2.21-0.4-mdv2011.0.i586.rpm\n e96cfc5498ea7afca1fe2b22168d3259 2011/i586/apache-htcacheclean-2.2.21-0.4-mdv2011.0.i586.rpm\n f6700e8a1bc0a6a34b18f5ed091231e3 2011/i586/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.i586.rpm\n 8d37dfd4133c3078702921a517f726b7 2011/i586/apache-mod_cache-2.2.21-0.4-mdv2011.0.i586.rpm\n 49ce15b00c473c0ff39f54d5741e91a5 2011/i586/apache-mod_dav-2.2.21-0.4-mdv2011.0.i586.rpm\n 42cb7d2f579c14bfb8682a0b8174603f 2011/i586/apache-mod_dbd-2.2.21-0.4-mdv2011.0.i586.rpm\n 35fcf3b213505b161067e8ba65cbfe2a 2011/i586/apache-mod_deflate-2.2.21-0.4-mdv2011.0.i586.rpm\n 2d8ee244d999ddcf58afb5f92de698f4 2011/i586/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.i586.rpm\n b2e589ebe2292ea479929203fc3059f2 2011/i586/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.i586.rpm\n a1506320b89211bd3bbb8f996593e094 2011/i586/apache-mod_ldap-2.2.21-0.4-mdv2011.0.i586.rpm\n 7ec9927d7efccf86308be53a56c8e1ec 2011/i586/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.i586.rpm\n 529d3fdcc50ec7f84e8fd4053d79e939 2011/i586/apache-mod_proxy-2.2.21-0.4-mdv2011.0.i586.rpm\n dff350fe73e8206df27faf0590062278 2011/i586/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.i586.rpm\n 91e931c21077f11a1af420edb86c14b4 2011/i586/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.i586.rpm\n c75091575000eee79711cbc988670d0d 2011/i586/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.i586.rpm\n a3953933158f467b931f77939a8802f5 2011/i586/apache-mod_ssl-2.2.21-0.4-mdv2011.0.i586.rpm\n 3217a4a46e1b449cfef57e07a487127a 2011/i586/apache-modules-2.2.21-0.4-mdv2011.0.i586.rpm\n 996837cadafe02b3f3e451c30a81839d 2011/i586/apache-mod_userdir-2.2.21-0.4-mdv2011.0.i586.rpm\n 35b55759125bc4075676160ec82e6da4 2011/i586/apache-mpm-event-2.2.21-0.4-mdv2011.0.i586.rpm\n 7f73f3385505743b62016050e18e1d95 2011/i586/apache-mpm-itk-2.2.21-0.4-mdv2011.0.i586.rpm\n a87bd2119895110b0483548236319418 2011/i586/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.i586.rpm\n da6507b8694c0d83c697e3438cc14f99 2011/i586/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.i586.rpm\n 31e5c55aab89b2ac1b8e35d4694a6157 2011/i586/apache-mpm-worker-2.2.21-0.4-mdv2011.0.i586.rpm\n fc55eb6d0e4c1064b9712f8dfee0c9a2 2011/i586/apache-source-2.2.21-0.4-mdv2011.0.i586.rpm \n fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 256f14e15bc11b9f2e117237a0afcecd 2011/x86_64/apache-base-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 1811331e8129fbb841591ead6d66fb3a 2011/x86_64/apache-devel-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 2169f3ab56b419e32cdd0c6374280609 2011/x86_64/apache-htcacheclean-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 3eb90fce534439380f8c200f212b80d1 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm\n d7e9ccdb75d0f0cd938b11bf0b34ea75 2011/x86_64/apache-mod_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 22f9c708f1f1a7111306b96f2f7a2f16 2011/x86_64/apache-mod_dav-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 9006ed39d4482543acbc0a306d1c98b9 2011/x86_64/apache-mod_dbd-2.2.21-0.4-mdv2011.0.x86_64.rpm\n ac342440d76088ce12784eaec8a04cfd 2011/x86_64/apache-mod_deflate-2.2.21-0.4-mdv2011.0.x86_64.rpm\n fe98d140fb40902b6e9e8d6209b7ee6e 2011/x86_64/apache-mod_disk_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 5fddef6bf9280f38f4758840c20500d0 2011/x86_64/apache-mod_file_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 3035cd294b73d3419a4a8bc911c95b59 2011/x86_64/apache-mod_ldap-2.2.21-0.4-mdv2011.0.x86_64.rpm\n e045b1f053add604a46b20c0f33654e4 2011/x86_64/apache-mod_mem_cache-2.2.21-0.4-mdv2011.0.x86_64.rpm\n ecdced72ed663ff13abc879888f2a369 2011/x86_64/apache-mod_proxy-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 33dbc278cf903e327492485eb93421c0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 668df865cf090bc56386119ffbf69009 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.4-mdv2011.0.x86_64.rpm\n f4ffe3b3c6ea342b92f6ff616be3242f 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 2a459d496bcfda4a902bf5ba160005b0 2011/x86_64/apache-mod_ssl-2.2.21-0.4-mdv2011.0.x86_64.rpm\n ffefbf2ceabca42e49e3985bb985880f 2011/x86_64/apache-modules-2.2.21-0.4-mdv2011.0.x86_64.rpm\n d4bfe84a86bd688730666e116df26062 2011/x86_64/apache-mod_userdir-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 417d6c12ec5d7580ae209a439307e0c1 2011/x86_64/apache-mpm-event-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 3580eac20ad0954ec9c9e148070cde92 2011/x86_64/apache-mpm-itk-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 34c074464e9776093c6fd8b0b00d277d 2011/x86_64/apache-mpm-peruser-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 77fe238e2acd3e9f50a0c6b4e70dbd91 2011/x86_64/apache-mpm-prefork-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 530632e85e3a1c56aeb5c22b59d51074 2011/x86_64/apache-mpm-worker-2.2.21-0.4-mdv2011.0.x86_64.rpm\n 54ae3219fe5921167de58e02d1709136 2011/x86_64/apache-source-2.2.21-0.4-mdv2011.0.x86_64.rpm \n fabc4aa5d999deba6d27c9ada2094dd8 2011/SRPMS/apache-2.2.21-0.4.src.rpm\n\n Mandriva Enterprise Server 5:\n 694c14ac1aa725219116cf0821bccd4d mes5/i586/apache-base-2.2.9-12.15mdvmes5.2.i586.rpm\n b78fcfdd2dcba4e1bbb2445850d309a6 mes5/i586/apache-devel-2.2.9-12.15mdvmes5.2.i586.rpm\n d0df79579e11145dc6222c7be498a08b mes5/i586/apache-htcacheclean-2.2.9-12.15mdvmes5.2.i586.rpm\n 41bc754f609edd0585e87bfeae433ad0 mes5/i586/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.i586.rpm\n 4ed0091207ac154c47948b14937d8419 mes5/i586/apache-mod_cache-2.2.9-12.15mdvmes5.2.i586.rpm\n 98ec70cb55cc2d6cfe75e555827e09f6 mes5/i586/apache-mod_dav-2.2.9-12.15mdvmes5.2.i586.rpm\n 0b57ad40a88d289ff7e93dbee8f7029c mes5/i586/apache-mod_dbd-2.2.9-12.15mdvmes5.2.i586.rpm\n 60ffbd92bf1c64f9f5d9de84fc1ea3a9 mes5/i586/apache-mod_deflate-2.2.9-12.15mdvmes5.2.i586.rpm\n 96acedbceae6f50795f5f8eb83bf0894 mes5/i586/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.i586.rpm\n 2faa60da5066030c6e1739bcd2e0c186 mes5/i586/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.i586.rpm\n d8dd234832a23fd7b8fe89b3ab2912ec mes5/i586/apache-mod_ldap-2.2.9-12.15mdvmes5.2.i586.rpm\n 192b0318fcc0149886d2bf65ca3eb7a0 mes5/i586/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.i586.rpm\n c5e14efbac8f535f9d47d71e15210ece mes5/i586/apache-mod_proxy-2.2.9-12.15mdvmes5.2.i586.rpm\n 86b9b67a3de9e2b3cb90369d74b259eb mes5/i586/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.i586.rpm\n 23771d89269201a8d41aad22ed7dd9fe mes5/i586/apache-mod_ssl-2.2.9-12.15mdvmes5.2.i586.rpm\n a9fe76cd2785c8baeb1a4cc24a9e9580 mes5/i586/apache-modules-2.2.9-12.15mdvmes5.2.i586.rpm\n b156b74e9d0b3f028ec422be7770c61b mes5/i586/apache-mod_userdir-2.2.9-12.15mdvmes5.2.i586.rpm\n ae57012ad1bfe385be299692f6b70cc1 mes5/i586/apache-mpm-event-2.2.9-12.15mdvmes5.2.i586.rpm\n 509a7cb7af1ac015b3b383058dc3d460 mes5/i586/apache-mpm-itk-2.2.9-12.15mdvmes5.2.i586.rpm\n 0f16651ec38ae7d878fe4a2368ee9d54 mes5/i586/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.i586.rpm\n 7e1c86769e9c7869f0b8636f458ec627 mes5/i586/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.i586.rpm\n 35ea9692f732f36905a86fb4dba9cdda mes5/i586/apache-mpm-worker-2.2.9-12.15mdvmes5.2.i586.rpm\n 1a8cac6533373a9fd3faa3b79599c088 mes5/i586/apache-source-2.2.9-12.15mdvmes5.2.i586.rpm \n d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 0ae1d7f13adab27acc8b786e95915c14 mes5/x86_64/apache-base-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 1bd7812000e4f71ddd083300f004e8bd mes5/x86_64/apache-devel-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 61b1c2004829c09e685e6fbd61ca2714 mes5/x86_64/apache-htcacheclean-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 26d3fac76d72121901831d7cd38b3633 mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 4bfcbbc2d949b6c0ff387c1236a26a63 mes5/x86_64/apache-mod_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 5dfcd153e80849e6eaa29541c06938d9 mes5/x86_64/apache-mod_dav-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 59ad16a7a1ce24740a10e24b93881225 mes5/x86_64/apache-mod_dbd-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 7ca4dc330983a90cc76ef05025171c3e mes5/x86_64/apache-mod_deflate-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 601d5df07381c6e7f4f4ec233d7b130f mes5/x86_64/apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 56a892846f01dc5f354091867b1c11b9 mes5/x86_64/apache-mod_file_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 3dc34aee1e773bcd1d8104d9102ad65c mes5/x86_64/apache-mod_ldap-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 2e523ac976afa7e9fbb49851dd7cdbad mes5/x86_64/apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 2a0c71a369a519f2606266df778200cf mes5/x86_64/apache-mod_proxy-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 8b5695a122649830105b88a62e45dede mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.x86_64.rpm\n c0ad053024a6bbcc1a618639694a4a0b mes5/x86_64/apache-mod_ssl-2.2.9-12.15mdvmes5.2.x86_64.rpm\n f0eb92fa6a5fd1b70d32965ac32033ff mes5/x86_64/apache-modules-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 378560cb4256e15405e6786672586239 mes5/x86_64/apache-mod_userdir-2.2.9-12.15mdvmes5.2.x86_64.rpm\n c5f79fe55502f5fd2e6a80ef22d14cb5 mes5/x86_64/apache-mpm-event-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 79c9df06193fec61ece2372929da3e72 mes5/x86_64/apache-mpm-itk-2.2.9-12.15mdvmes5.2.x86_64.rpm\n fad5cd549063827dc78c335162a8b5ab mes5/x86_64/apache-mpm-peruser-2.2.9-12.15mdvmes5.2.x86_64.rpm\n e691b3fdb827f1f03c92c3bc4265f6ee mes5/x86_64/apache-mpm-prefork-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 8578c114dea4dd49232a82922d46fbbc mes5/x86_64/apache-mpm-worker-2.2.9-12.15mdvmes5.2.x86_64.rpm\n 4eba23905fbbd38d24a99f8567304372 mes5/x86_64/apache-source-2.2.9-12.15mdvmes5.2.x86_64.rpm \n d5b6cb92ebf473ba42a32b84fa40f40d mes5/SRPMS/apache-2.2.9-12.15mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPDCNImqjQ0CJFipgRAggFAJ9xCusaErCYJUSMv5oAlTiJ5D1aWACg0UBO\nBqETS5tTpFVDOXlCWWgYIGQ=\n=8O62\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4317"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "BID",
"id": "51869"
},
{
"db": "BID",
"id": "50802"
},
{
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"db": "PACKETSTORM",
"id": "121573"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "108537"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=36352",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4317"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4317",
"trust": 3.6
},
{
"db": "JUNIPER",
"id": "JSA10585",
"trust": 1.9
},
{
"db": "SECTRACK",
"id": "1026353",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "48551",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435",
"trust": 0.6
},
{
"db": "BID",
"id": "51869",
"trust": 0.3
},
{
"db": "JUNIPER",
"id": "JSA10658",
"trust": 0.3
},
{
"db": "BID",
"id": "50802",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2011-4317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121573",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108537",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"db": "BID",
"id": "51869"
},
{
"db": "BID",
"id": "50802"
},
{
"db": "PACKETSTORM",
"id": "121573"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "108537"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"id": "VAR-201111-0207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.30555555
},
"last_update_date": "2026-03-09T22:18:26.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://httpd.apache.org/"
},
{
"title": "APPLE-SA-2012-09-19-2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5501"
},
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5501?viewlocale=ja_JP"
},
{
"title": "HPSBOV02822 SSRT100966",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954"
},
{
"title": "HPSBMU02786 SSRT100877",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"title": "MDVSA-2013:150",
"trust": 0.8,
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"title": "MDVSA-2012:003",
"trust": 0.8,
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:003"
},
{
"title": "openSUSE-SU-2013:0248",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html"
},
{
"title": "openSUSE-SU-2013:0243",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2012",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html"
},
{
"title": "Bug 756483",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=756483"
},
{
"title": "RHSA-2012:0128",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"title": "July 2012 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/july_2012_critical_patch_update"
},
{
"title": "CVE-2011-4317 Improper Input Validation vulnerability in Apache HTTP Server ",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_4317_improper_input"
},
{
"title": "Multiple vulnerabilities in Apache HTTP Server 1.3",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "JSA10585",
"trust": 0.8,
"url": "http://kb.juniper.net/JSA10585"
},
{
"title": "Apache HTTP Server mod_proxy Reverse proxy mode security bypass vulnerability Repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145990"
},
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120128 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1368-1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "Pentest-Cheetsheet",
"trust": 0.1,
"url": "https://github.com/MrFrozenPepe/Pentest-Cheetsheet "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/SecureAxom/strike "
},
{
"title": "pigat",
"trust": 0.1,
"url": "https://github.com/teamssix/pigat "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://thread.gmane.org/gmane.comp.apache.devel/46440"
},
{
"trust": 1.9,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
},
{
"trust": 1.9,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:003"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1026353"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0128.html"
},
{
"trust": 1.6,
"url": "https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/48551"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2012/dsa-2405"
},
{
"trust": 1.6,
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=756483"
},
{
"trust": 1.6,
"url": "http://kb.juniper.net/jsa10585"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4317"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4317"
},
{
"trust": 0.6,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.6,
"url": "https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317"
},
{
"trust": 0.6,
"url": "http://support.avaya.com/css/p8/documents/100157326"
},
{
"trust": 0.6,
"url": "http://support.avaya.com/css/p8/documents/100158872"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs."
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm48384"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=nas2394373277328c954862579cd003c709c"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=nas39578294f523b4b8c862579dd00751bce"
},
{
"trust": 0.3,
"url": "https://support.avaya.com/css/p8/documents/100155947"
},
{
"trust": 0.3,
"url": "https://support.avaya.com/css/p8/documents/100155955"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10585"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10658\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301\u0026ac.admitted=1332965374461.876444892.492883150"
},
{
"trust": 0.3,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954\u0026ac.admitted=1349807398574.876444892.199480143"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0036"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2016"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0057"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4078"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1165"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4885"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2834"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1944"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2014"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0830"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4153"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4415"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4577"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0027"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2012"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2015"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3379"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2821"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3607"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-ac3d1f80b8dd48b792bfc01a08"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/psi/swddetail"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0021"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0031"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3368"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0053"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1368-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
}
],
"sources": [
{
"db": "BID",
"id": "51869"
},
{
"db": "BID",
"id": "50802"
},
{
"db": "PACKETSTORM",
"id": "121573"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "108537"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"db": "BID",
"id": "51869"
},
{
"db": "BID",
"id": "50802"
},
{
"db": "PACKETSTORM",
"id": "121573"
},
{
"db": "PACKETSTORM",
"id": "114272"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "108537"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-30T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"date": "2012-02-06T00:00:00",
"db": "BID",
"id": "51869"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50802"
},
{
"date": "2013-05-09T14:44:00",
"db": "PACKETSTORM",
"id": "121573"
},
{
"date": "2012-06-28T03:39:12",
"db": "PACKETSTORM",
"id": "114272"
},
{
"date": "2012-02-13T21:12:34",
"db": "PACKETSTORM",
"id": "109725"
},
{
"date": "2012-02-17T02:34:31",
"db": "PACKETSTORM",
"id": "109837"
},
{
"date": "2012-01-10T12:12:00",
"db": "PACKETSTORM",
"id": "108537"
},
{
"date": "2011-11-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"date": "2011-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"date": "2011-11-30T04:05:58.670000",
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4317"
},
{
"date": "2013-03-22T21:46:00",
"db": "BID",
"id": "51869"
},
{
"date": "2015-04-13T20:23:00",
"db": "BID",
"id": "50802"
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-435"
},
{
"date": "2015-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003172"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-435"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache HTTP Server of mod_proxy Vulnerability in module sending requests to intranet server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003172"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "51869"
},
{
"db": "BID",
"id": "50802"
}
],
"trust": 0.6
}
}
VAR-200911-0398
Vulnerability from variot - Updated: 2026-03-09 22:17The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors' TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. Successful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote attackers to bypass the certificate revocation list (CRL) check and cause a stack-based buffer overflow via a crafted X.509 certificate, related to extraction of a serial number (CVE-2010-0731).
The updated packages have been patched to correct these issues. - The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. ----------------------------------------------------------------------
http://secunia.com/research/
http://secunia.com/company/jobs/open_positions/reverse_engineer
TITLE: Oracle Application Server Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44293
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44293/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
RELEASE DATE: 2011-04-24
DISCUSS ADVISORY: http://secunia.com/advisories/44293/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44293/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44293
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious users and people to manipulate certain data.
1) An error exists in the C Oracle SSL API of the Oracle Security Service component and can be exploited to manipulate certain data.
For more information see vulnerability #1: SA37291
2) An unspecified error in the Oracle HTTP Server component can be exploited to manipulate certain data.
3) An error exists in the Midtier Infrastructure of the Portal component and can be exploited to manipulate certain data.
For more information see vulnerability #3: SA44246
4) An unspecified error in the Single Sign On component can be exploited by authenticated users to manipulate certain data.
The vulnerabilities are reported in the following products: * Oracle Application Server 10g Release 2 version 10.1.2.3.0. * Oracle Application Server 10g Release 3 version 10.1.3.5.0.
SOLUTION: Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.
ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2010:084 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : April 28, 2010 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0
Problem Description:
Multiple Java OpenJDK security vulnerabilities has been identified and fixed:
- TLS: MITM attacks via session renegotiation (CVE-2009-3555).
- Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082).
- Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084).
- File TOCTOU deserialization vulnerability (CVE-2010-0085).
- Inflater/Deflater clone issues (CVE-2010-0088).
- Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091).
- AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092).
- System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093).
- Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094).
- Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095).
- JAR unpack200 must verify input parameters (CVE-2010-0837).
- CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838).
- Applet Trusted Methods Chaining Privilege Escalation Vulner ability (CVE-2010-0840).
- No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845)
- ImagingLib arbitrary code execution vulnerability (CVE-2010-0847).
- AWT Library Invalid Index Vulnerability (CVE-2010-0848).
Additional security issues that was fixed with IcedTea6 1.6.2: - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885).
Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages:
- plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474.
Packages for 2009.0 are provided due to the Extended Maintenance Program.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848 http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938 http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073
Updated Packages:
Mandriva Linux 2009.0: 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm
Mandriva Linux 2009.1: 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm
Mandriva Linux 2010.0: f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm
Mandriva Enterprise Server 5: 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW +oOtru3I2iYRjlx04fi7wMw= =rIwa -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201301-01
http://security.gentoo.org/
Severity: High Title: Mozilla Products: Multiple vulnerabilities Date: January 08, 2013 Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318 ID: 201301-01
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.
Background
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11 2 www-client/firefox-bin < 10.0.11 >= 10.0.11 3 mail-client/thunderbird < 10.0.11 >= 10.0.11 4 mail-client/thunderbird-bin < 10.0.11 >= 10.0.11 5 www-client/seamonkey < 2.14-r1 >= 2.14-r1 6 www-client/seamonkey-bin < 2.14 >= 2.14 7 dev-libs/nss < 3.14 >= 3.14 8 www-client/mozilla-firefox <= 3.6.8 Vulnerable! 9 www-client/mozilla-firefox-bin <= 3.5.6 Vulnerable! 10 mail-client/mozilla-thunderbird <= 3.0.4-r1 Vulnerable! 11 mail-client/mozilla-thunderbird-bin <= 3.0 Vulnerable! 12 www-client/icecat <= 10.0-r1 Vulnerable! 13 net-libs/xulrunner <= 2.0-r1 Vulnerable! 14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 14 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL's for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.
A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package. To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox" # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:
# emerge --sync # emerge --unmerge "www-client/mozilla-firefox-bin" # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird" # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:
# emerge --sync # emerge --unmerge "mail-client/mozilla-thunderbird-bin" # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 ] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163 [ 167 ] CVE-2010-0164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164 [ 168 ] CVE-2010-0165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165 [ 169 ] CVE-2010-0166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166 [ 170 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 171 ] CVE-2010-0167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167 [ 172 ] CVE-2010-0168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168 [ 173 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 174 ] CVE-2010-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169 [ 175 ] CVE-2010-0170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170 [ 176 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 177 ] CVE-2010-0171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171 [ 178 ] CVE-2010-0172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172 [ 179 ] CVE-2010-0173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173 [ 180 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 181 ] CVE-2010-0174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174 [ 182 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 183 ] CVE-2010-0175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175 [ 184 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 185 ] CVE-2010-0176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176 [ 186 ] CVE-2010-0177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177 [ 187 ] CVE-2010-0178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178 [ 188 ] CVE-2010-0179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179 [ 189 ] CVE-2010-0181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181 [ 190 ] CVE-2010-0182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182 [ 191 ] CVE-2010-0183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183 [ 192 ] CVE-2010-0220 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220 [ 193 ] CVE-2010-0648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648 [ 194 ] CVE-2010-0654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654 [ 195 ] CVE-2010-1028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028 [ 196 ] CVE-2010-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121 [ 197 ] CVE-2010-1125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125 [ 198 ] CVE-2010-1196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196 [ 199 ] CVE-2010-1197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197 [ 200 ] CVE-2010-1198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198 [ 201 ] CVE-2010-1199 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199 [ 202 ] CVE-2010-1200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200 [ 203 ] CVE-2010-1201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201 [ 204 ] CVE-2010-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202 [ 205 ] CVE-2010-1203 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203 [ 206 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 207 ] CVE-2010-1206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206 [ 208 ] CVE-2010-1207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207 [ 209 ] CVE-2010-1208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208 [ 210 ] CVE-2010-1209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209 [ 211 ] CVE-2010-1210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210 [ 212 ] CVE-2010-1211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211 [ 213 ] CVE-2010-1212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212 [ 214 ] CVE-2010-1213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213 [ 215 ] CVE-2010-1214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214 [ 216 ] CVE-2010-1215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215 [ 217 ] CVE-2010-1585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585 [ 218 ] CVE-2010-2751 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751 [ 219 ] CVE-2010-2752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752 [ 220 ] CVE-2010-2753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753 [ 221 ] CVE-2010-2754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754 [ 222 ] CVE-2010-2755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755 [ 223 ] CVE-2010-2760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760 [ 224 ] CVE-2010-2762 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762 [ 225 ] CVE-2010-2763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763 [ 226 ] CVE-2010-2764 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764 [ 227 ] CVE-2010-2765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765 [ 228 ] CVE-2010-2766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766 [ 229 ] CVE-2010-2767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767 [ 230 ] CVE-2010-2768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768 [ 231 ] CVE-2010-2769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769 [ 232 ] CVE-2010-2770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770 [ 233 ] CVE-2010-3131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131 [ 234 ] CVE-2010-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166 [ 235 ] CVE-2010-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167 [ 236 ] CVE-2010-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168 [ 237 ] CVE-2010-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169 [ 238 ] CVE-2010-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170 [ 239 ] CVE-2010-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171 [ 240 ] CVE-2010-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173 [ 241 ] CVE-2010-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174 [ 242 ] CVE-2010-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175 [ 243 ] CVE-2010-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176 [ 244 ] CVE-2010-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177 [ 245 ] CVE-2010-3178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178 [ 246 ] CVE-2010-3179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179 [ 247 ] CVE-2010-3180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180 [ 248 ] CVE-2010-3182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182 [ 249 ] CVE-2010-3183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183 [ 250 ] CVE-2010-3399 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399 [ 251 ] CVE-2010-3400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400 [ 252 ] CVE-2010-3765 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765 [ 253 ] CVE-2010-3766 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766 [ 254 ] CVE-2010-3767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767 [ 255 ] CVE-2010-3768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768 [ 256 ] CVE-2010-3769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769 [ 257 ] CVE-2010-3770 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770 [ 258 ] CVE-2010-3771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771 [ 259 ] CVE-2010-3772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772 [ 260 ] CVE-2010-3773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773 [ 261 ] CVE-2010-3774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774 [ 262 ] CVE-2010-3775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775 [ 263 ] CVE-2010-3776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776 [ 264 ] CVE-2010-3777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777 [ 265 ] CVE-2010-3778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778 [ 266 ] CVE-2010-4508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508 [ 267 ] CVE-2010-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074 [ 268 ] CVE-2011-0051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051 [ 269 ] CVE-2011-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053 [ 270 ] CVE-2011-0054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054 [ 271 ] CVE-2011-0055 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055 [ 272 ] CVE-2011-0056 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056 [ 273 ] CVE-2011-0057 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057 [ 274 ] CVE-2011-0058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058 [ 275 ] CVE-2011-0059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059 [ 276 ] CVE-2011-0061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061 [ 277 ] CVE-2011-0062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062 [ 278 ] CVE-2011-0065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065 [ 279 ] CVE-2011-0066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066 [ 280 ] CVE-2011-0067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067 [ 281 ] CVE-2011-0068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068 [ 282 ] CVE-2011-0069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069 [ 283 ] CVE-2011-0070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070 [ 284 ] CVE-2011-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071 [ 285 ] CVE-2011-0072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072 [ 286 ] CVE-2011-0073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073 [ 287 ] CVE-2011-0074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074 [ 288 ] CVE-2011-0075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075 [ 289 ] CVE-2011-0076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076 [ 290 ] CVE-2011-0077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077 [ 291 ] CVE-2011-0078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078 [ 292 ] CVE-2011-0079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079 [ 293 ] CVE-2011-0080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080 [ 294 ] CVE-2011-0081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081 [ 295 ] CVE-2011-0082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082 [ 296 ] CVE-2011-0083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083 [ 297 ] CVE-2011-0084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084 [ 298 ] CVE-2011-0085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085 [ 299 ] CVE-2011-1187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187 [ 300 ] CVE-2011-1202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202 [ 301 ] CVE-2011-1712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712 [ 302 ] CVE-2011-2362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362 [ 303 ] CVE-2011-2363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363 [ 304 ] CVE-2011-2364 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364 [ 305 ] CVE-2011-2365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365 [ 306 ] CVE-2011-2369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369 [ 307 ] CVE-2011-2370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370 [ 308 ] CVE-2011-2371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371 [ 309 ] CVE-2011-2372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372 [ 310 ] CVE-2011-2373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373 [ 311 ] CVE-2011-2374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374 [ 312 ] CVE-2011-2375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375 [ 313 ] CVE-2011-2376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376 [ 314 ] CVE-2011-2377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377 [ 315 ] CVE-2011-2378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378 [ 316 ] CVE-2011-2605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605 [ 317 ] CVE-2011-2980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980 [ 318 ] CVE-2011-2981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981 [ 319 ] CVE-2011-2982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982 [ 320 ] CVE-2011-2983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983 [ 321 ] CVE-2011-2984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984 [ 322 ] CVE-2011-2985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985 [ 323 ] CVE-2011-2986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986 [ 324 ] CVE-2011-2987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987 [ 325 ] CVE-2011-2988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988 [ 326 ] CVE-2011-2989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989 [ 327 ] CVE-2011-2990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990 [ 328 ] CVE-2011-2991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991 [ 329 ] CVE-2011-2993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993 [ 330 ] CVE-2011-2995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995 [ 331 ] CVE-2011-2996 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996 [ 332 ] CVE-2011-2997 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997 [ 333 ] CVE-2011-2998 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998 [ 334 ] CVE-2011-2999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999 [ 335 ] CVE-2011-3000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000 [ 336 ] CVE-2011-3001 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001 [ 337 ] CVE-2011-3002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002 [ 338 ] CVE-2011-3003 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003 [ 339 ] CVE-2011-3004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004 [ 340 ] CVE-2011-3005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005 [ 341 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 342 ] CVE-2011-3062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062 [ 343 ] CVE-2011-3232 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232 [ 344 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 345 ] CVE-2011-3640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640 [ 346 ] CVE-2011-3647 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647 [ 347 ] CVE-2011-3648 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648 [ 348 ] CVE-2011-3649 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649 [ 349 ] CVE-2011-3650 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650 [ 350 ] CVE-2011-3651 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651 [ 351 ] CVE-2011-3652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652 [ 352 ] CVE-2011-3653 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653 [ 353 ] CVE-2011-3654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654 [ 354 ] CVE-2011-3655 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655 [ 355 ] CVE-2011-3658 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658 [ 356 ] CVE-2011-3659 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659 [ 357 ] CVE-2011-3660 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660 [ 358 ] CVE-2011-3661 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661 [ 359 ] CVE-2011-3663 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663 [ 360 ] CVE-2011-3665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665 [ 361 ] CVE-2011-3670 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670 [ 362 ] CVE-2011-3866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866 [ 363 ] CVE-2011-4688 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688 [ 364 ] CVE-2012-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441 [ 365 ] CVE-2012-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442 [ 366 ] CVE-2012-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443 [ 367 ] CVE-2012-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444 [ 368 ] CVE-2012-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445 [ 369 ] CVE-2012-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446 [ 370 ] CVE-2012-0447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447 [ 371 ] CVE-2012-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449 [ 372 ] CVE-2012-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450 [ 373 ] CVE-2012-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451 [ 374 ] CVE-2012-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452 [ 375 ] CVE-2012-0455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455 [ 376 ] CVE-2012-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456 [ 377 ] CVE-2012-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457 [ 378 ] CVE-2012-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458 [ 379 ] CVE-2012-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459 [ 380 ] CVE-2012-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460 [ 381 ] CVE-2012-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461 [ 382 ] CVE-2012-0462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462 [ 383 ] CVE-2012-0463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463 [ 384 ] CVE-2012-0464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464 [ 385 ] CVE-2012-0467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467 [ 386 ] CVE-2012-0468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468 [ 387 ] CVE-2012-0469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469 [ 388 ] CVE-2012-0470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470 [ 389 ] CVE-2012-0471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471 [ 390 ] CVE-2012-0473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473 [ 391 ] CVE-2012-0474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474 [ 392 ] CVE-2012-0475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475 [ 393 ] CVE-2012-0477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477 [ 394 ] CVE-2012-0478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478 [ 395 ] CVE-2012-0479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479 [ 396 ] CVE-2012-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937 [ 397 ] CVE-2012-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938 [ 398 ] CVE-2012-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939 [ 399 ] CVE-2012-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940 [ 400 ] CVE-2012-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941 [ 401 ] CVE-2012-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945 [ 402 ] CVE-2012-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946 [ 403 ] CVE-2012-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947 [ 404 ] CVE-2012-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948 [ 405 ] CVE-2012-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949 [ 406 ] CVE-2012-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950 [ 407 ] CVE-2012-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951 [ 408 ] CVE-2012-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952 [ 409 ] CVE-2012-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953 [ 410 ] CVE-2012-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954 [ 411 ] CVE-2012-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955 [ 412 ] CVE-2012-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956 [ 413 ] CVE-2012-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957 [ 414 ] CVE-2012-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958 [ 415 ] CVE-2012-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959 [ 416 ] CVE-2012-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960 [ 417 ] CVE-2012-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961 [ 418 ] CVE-2012-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962 [ 419 ] CVE-2012-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963 [ 420 ] CVE-2012-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964 [ 421 ] CVE-2012-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965 [ 422 ] CVE-2012-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966 [ 423 ] CVE-2012-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967 [ 424 ] CVE-2012-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970 [ 425 ] CVE-2012-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971 [ 426 ] CVE-2012-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972 [ 427 ] CVE-2012-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973 [ 428 ] CVE-2012-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974 [ 429 ] CVE-2012-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975 [ 430 ] CVE-2012-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976 [ 431 ] CVE-2012-1994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994 [ 432 ] CVE-2012-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956 [ 433 ] CVE-2012-3957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957 [ 434 ] CVE-2012-3958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958 [ 435 ] CVE-2012-3959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959 [ 436 ] CVE-2012-3960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960 [ 437 ] CVE-2012-3961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961 [ 438 ] CVE-2012-3962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962 [ 439 ] CVE-2012-3963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963 [ 440 ] CVE-2012-3964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964 [ 441 ] CVE-2012-3965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965 [ 442 ] CVE-2012-3966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966 [ 443 ] CVE-2012-3967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967 [ 444 ] CVE-2012-3968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968 [ 445 ] CVE-2012-3969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969 [ 446 ] CVE-2012-3970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970 [ 447 ] CVE-2012-3971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971 [ 448 ] CVE-2012-3972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972 [ 449 ] CVE-2012-3973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973 [ 450 ] CVE-2012-3975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975 [ 451 ] CVE-2012-3976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976 [ 452 ] CVE-2012-3977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977 [ 453 ] CVE-2012-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978 [ 454 ] CVE-2012-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980 [ 455 ] CVE-2012-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982 [ 456 ] CVE-2012-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984 [ 457 ] CVE-2012-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985 [ 458 ] CVE-2012-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986 [ 459 ] CVE-2012-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988 [ 460 ] CVE-2012-3989 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989 [ 461 ] CVE-2012-3990 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990 [ 462 ] CVE-2012-3991 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991 [ 463 ] CVE-2012-3992 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992 [ 464 ] CVE-2012-3993 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993 [ 465 ] CVE-2012-3994 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994 [ 466 ] CVE-2012-3995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995 [ 467 ] CVE-2012-4179 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179 [ 468 ] CVE-2012-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180 [ 469 ] CVE-2012-4181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181 [ 470 ] CVE-2012-4182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182 [ 471 ] CVE-2012-4183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183 [ 472 ] CVE-2012-4184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184 [ 473 ] CVE-2012-4185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185 [ 474 ] CVE-2012-4186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186 [ 475 ] CVE-2012-4187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187 [ 476 ] CVE-2012-4188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188 [ 477 ] CVE-2012-4190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190 [ 478 ] CVE-2012-4191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191 [ 479 ] CVE-2012-4192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192 [ 480 ] CVE-2012-4193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193 [ 481 ] CVE-2012-4194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194 [ 482 ] CVE-2012-4195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195 [ 483 ] CVE-2012-4196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196 [ 484 ] CVE-2012-4201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201 [ 485 ] CVE-2012-4202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202 [ 486 ] CVE-2012-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204 [ 487 ] CVE-2012-4205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205 [ 488 ] CVE-2012-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206 [ 489 ] CVE-2012-4207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207 [ 490 ] CVE-2012-4208 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208 [ 491 ] CVE-2012-4209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209 [ 492 ] CVE-2012-4210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210 [ 493 ] CVE-2012-4212 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212 [ 494 ] CVE-2012-4215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215 [ 495 ] CVE-2012-4216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216 [ 496 ] CVE-2012-5354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354 [ 497 ] CVE-2012-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829 [ 498 ] CVE-2012-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830 [ 499 ] CVE-2012-5833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833 [ 500 ] CVE-2012-5835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835 [ 501 ] CVE-2012-5836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836 [ 502 ] CVE-2012-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838 [ 503 ] CVE-2012-5839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839 [ 504 ] CVE-2012-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840 [ 505 ] CVE-2012-5841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841 [ 506 ] CVE-2012-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842 [ 507 ] CVE-2012-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843 [ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c= ertificates/ [ 509 ] Mozilla Foundation Security Advisory 2011-11 http://www.mozilla.org/security/announce/2011/mfsa2011-11.html [ 510 ] Mozilla Foundation Security Advisory 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-927-6 July 23, 2010 nss vulnerability CVE-2009-3555 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 9.04: libnss3-1d 3.12.6-0ubuntu0.9.04.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
Details follow:
USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04.
Original advisory details:
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz
Size/MD5: 36776 09e94267337a3318b4955b7a830f5244
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc
Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76
http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz
Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 263110 37bf5e46dc372000a1932336ded61143
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb
Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 1112446 64e165966e297b247e220aa017851248
http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 17790 6a4afb594384085b41502911476f9d27
http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb
Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 17788 217da64905b090392eb4acfa43d282c2
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb
Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb
Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5
http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320
http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 17794 2f08b7d40b6069754762083051c03f27
http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb
Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620
-- Jamie Strandboge | http://www.canonical.com . This update addresses these protocol vulnerabilities in lighttpd.
CVE-2009-3555
Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions. This issue is solved in lighttpd by disabling client initiated renegotiation by default.
Those users that do actually need such renegotiations, can reenable them via the new 'ssl.disable-client-renegotiation' parameter.
CVE-2012-4929
Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update disables compression.
For the stable distribution (squeeze), these problems have been fixed in version 1.4.28-2+squeeze1.2.
For the testing distribution (wheezy), and the unstable distribution (sid) these problems have been fixed in version 1.4.30-1.
We recommend that you upgrade your lighttpd packages. Corrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE) 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE) 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) CVE Name: CVE-2009-4146, CVE-2009-4147
For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .
I. Background
The run-time link-editor, rtld, links dynamic executable with their needed libraries at run-time. It also allows users to explicitly load libraries via various LD_ environmental variables.
II. Problem Description
When running setuid programs rtld will normally remove potentially dangerous environment variables. Due to recent changes in FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing.
III. Impact
An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run. On most systems configurations, this will allow a local attacker to execute code as the root user.
IV. Workaround
No workaround is available, but systems without untrusted local users, where all the untrusted local users are jailed superusers, and/or where untrusted users cannot execute arbitrary code (e.g., due to use of read only and noexec mount options) are not affected.
Note that "untrusted local users" include users with the ability to upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they may be able to exploit this issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 7.x]
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc
[FreeBSD 8.0]
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch
fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
cd /usr/src/libexec/rtld-elf
make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On amd64 systems where the i386 rtld are installed, the operating system should instead be recompiled as described in
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_7 src/libexec/rtld-elf/rtld.c 1.124.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.8 src/sys/conf/newvers.sh 1.72.2.11.2.9 src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2 RELENG_7_1 src/UPDATING 1.507.2.13.2.12 src/sys/conf/newvers.sh 1.72.2.9.2.13 src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2 RELENG_8 src/libexec/rtld-elf/rtld.c 1.139.2.4 RELENG_8_0 src/UPDATING 1.632.2.7.2.4 src/sys/conf/newvers.sh 1.83.2.6.2.4 src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2
Subversion:
Branch/path Revision
stable/7/ r199981 releng/7.2/ r200054 releng/7.1/ r200054 stable/8/ r199980 releng/8.0/ r200054
VII. HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01945686 Version: 1
HPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-11-25 Last Updated: 2009-11-25
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited
remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided upgrades to resolve this vulnerability. The upgrades are available from the following location.
HOST ACCOUNT PASSWORD
ftp.usa.hp.com sb02482 Secure12
HP-UX Release Depot name SHA-1 Hash
B.11.11 PA (32 and 64) OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4
B.11.23 (PA and IA) OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2
B.11.31 (PA and IA) OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca
Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used,
applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l.
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08l or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN action: install revision A.00.09.08l.001 or subsequent
HP-UX B.11.23
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.002 or subsequent
HP-UX B.11.31
openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-LIB.2 openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PRNG.2 openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-RUN.2 action: install revision A.00.09.08l.003 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 25 November 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksNs5IACgkQ4B86/C0qfVmJNQCeMd6pno2UZMwhJYB8yaKTw3Ta H6EAni+Jh3ebmTxXb0gfH5eefN9xqKO3 =h0Pb -----END PGP SIGNATURE----- . HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
Kit Name Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "unified communications manager 5.1",
"scope": null,
"trust": 2.1,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nginx",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "0.1.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.04"
},
{
"_id": null,
"model": "nginx",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "0.8.22"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.04"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "12"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "9.10"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "10.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "11"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.10"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "14"
},
{
"_id": null,
"model": "nss",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "3.12.4"
},
{
"_id": null,
"model": "gnutls",
"scope": "lte",
"trust": 1.0,
"vendor": "gnu",
"version": "2.8.5"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0"
},
{
"_id": null,
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "0.9.8k"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "13"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "jre 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 08",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 1.5.0 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 25",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 22",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0 24",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 24",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 11",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 03",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 1.4.2 16",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 16",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 11",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 0 10",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0 10",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 17",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 21",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 15",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 22",
"scope": "ne",
"trust": 0.9,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "jre 15",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 26",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 09",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 17",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 18",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 22",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 02",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jre 1.6.0 01",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 12",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "sdk 05",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "jdk 14",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 02",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ace module a2",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "sdk 03",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "sdk 1.4.2 19",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 12",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 13",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "sdk 1.4.2 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 04",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jdk 1.5.0 20",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.5.0 23",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "sdk 1.4.2 13",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.6.0 19",
"scope": "ne",
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 18",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 14",
"scope": null,
"trust": 0.9,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 22",
"scope": "eq",
"trust": 0.9,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "iis",
"scope": "eq",
"trust": 0.9,
"vendor": "microsoft",
"version": "7.0"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "barracuda",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnutls",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
},
{
"_id": null,
"model": "jdk 01-b06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk .0 04",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ace appliance a1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4710"
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.30"
},
{
"_id": null,
"model": "jdk 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ace application control engine module 3.0 a2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jdk .0 03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 1.5.0 12",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 2",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 07-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jdk 06",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.5.0.0 11",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 11-b03",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "unified communications manager su1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jdk 1.6.0 01",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified computing system blade-server 4.0 n2",
"scope": "ne",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "jre 1.6.0 20",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.20"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6f"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6g"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6i"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6c"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "0.9.6h"
},
{
"_id": null,
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows vista edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x640"
},
{
"_id": null,
"model": "java system directory server patch6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.2(1)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)9"
},
{
"_id": null,
"model": "cosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.4"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.2"
},
{
"_id": null,
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.3.1"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "weblogic server ga",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "windows server for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.0"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(5)"
},
{
"_id": null,
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.63"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.41"
},
{
"_id": null,
"model": "project openssl b-36.8",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "windows vista business sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.2(1.16)"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr2a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.173.0"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.0.201"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "opensolaris build snv 123",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.1.1"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "ace series application control engine appliances 3.0 a3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4700"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "opensolaris build snv 114",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.2"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.3.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "arubaos rn",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "project proftpd 1.3.2b",
"scope": null,
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "project openssl 0.9.8l",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.01"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8"
},
{
"_id": null,
"model": "systems insight manager c",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "05.00.02"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.4.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.51"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "meeting exchange web conferencing server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "matrixssl",
"scope": "ne",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.8.8"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.10"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.06"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.02"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.5"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "unified ip phone 7911g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux enterprise sdk sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "blackberry enterprise server for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.5"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)12"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris svn 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.1"
},
{
"_id": null,
"model": "client",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2008"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1)"
},
{
"_id": null,
"model": "7.0-release-p12",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.1 sr8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.6.1"
},
{
"_id": null,
"model": "windows vista home basic sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.80"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.5"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.4.5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"_id": null,
"model": "windows xp 64-bit edition version",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.3"
},
{
"_id": null,
"model": "project proftpd a",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "7.0-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.8"
},
{
"_id": null,
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.24)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15000"
},
{
"_id": null,
"model": "jdk 1.5.0 11",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "java system directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.1"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.32"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2.19)"
},
{
"_id": null,
"model": "web server r3",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.51"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "7.1-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5)"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76003.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "2.1-rc21",
"scope": "ne",
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "windows vista",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "2.5.6.0"
},
{
"_id": null,
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.3"
},
{
"_id": null,
"model": "project proftpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "jdk 1.5.0.0 06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.3"
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.6"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "opensolaris build snv 118",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus processing kit for xml",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "unified ip phone sip",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8(0)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.2"
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/7600"
},
{
"_id": null,
"model": "security agent for callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.628"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.1"
},
{
"_id": null,
"model": "weblogic server mp3",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2"
},
{
"_id": null,
"model": "opensolaris build snv 112",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.5"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.1.3"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.12"
},
{
"_id": null,
"model": "windows professional sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7936"
},
{
"_id": null,
"model": "opensolaris build snv 129",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.4.6"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)82"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.4.6"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.4.1"
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.1"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "integrated lights-out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "32.05"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)7"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.102"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.5"
},
{
"_id": null,
"model": "java system web server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista business",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.3"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.2 sr4b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "windows server for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)14"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.3"
},
{
"_id": null,
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.3"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.6"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.3(0.08)"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows server itanium sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified ip phone sip sscp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(6)"
},
{
"_id": null,
"model": "windows xp home sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ironport email security appliance x-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "thunderbird",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.2"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.2"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl beta2",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "one directory server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "wireless lan controllers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.176.0"
},
{
"_id": null,
"model": "enterprise linux server supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "unified contact center enterprise icm7.1 es46",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.14)"
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)26"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.25"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.3.1"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)11"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.2"
},
{
"_id": null,
"model": "jdk 1.5.0 11-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.2"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2009.06"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.4"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.10.2.65"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0"
},
{
"_id": null,
"model": "communication manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "pix series security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5007.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.13"
},
{
"_id": null,
"model": "big-ip wan optimization module",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "security agent for ipcc hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1"
},
{
"_id": null,
"model": "enterprise linux workstation supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "access manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "windows vista home premium sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.24"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.2.0"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.0"
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "integrated lights-out",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "21.16"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.6"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.2.8"
},
{
"_id": null,
"model": "systems insight manager sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"_id": null,
"model": "windows terminal services sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.2"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "100000"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3-1"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.178.0"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server sp2 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "unified communication manager business edition",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0.x"
},
{
"_id": null,
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "nx-os 4.0 n2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "windows datacenter server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "windows xp professional edition sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "2.1-rc9",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.2.3"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.2.3"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "windows server for 32-bit systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "beta11",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"_id": null,
"model": "telepresence recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows vista home premium",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.3"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "moblin",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.2"
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "opensolaris build snv 122",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.2"
},
{
"_id": null,
"model": "wireless lan control m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1(4)"
},
{
"_id": null,
"model": "weblogic server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.0"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.4"
},
{
"_id": null,
"model": "csm 4.2.3a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.3"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7960"
},
{
"_id": null,
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)16"
},
{
"_id": null,
"model": "pfsense 1.2-rc3",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.1"
},
{
"_id": null,
"model": "access manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "windows terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux enterprise java sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.1"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg 8100-c",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.40.3"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager sr2b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.52"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)10"
},
{
"_id": null,
"model": "meeting exchange recording server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.1"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.2"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(2)"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.3.7"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.11"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "windows server web edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.2.5"
},
{
"_id": null,
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.3"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.100.0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.3.0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.4.5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.79"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified ip phone 7906g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.18"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(8)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)24"
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.7.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.3"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.2"
},
{
"_id": null,
"model": "application velocity system 3180a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3.728"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(15)"
},
{
"_id": null,
"model": "ip communicator",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.5"
},
{
"_id": null,
"model": "windows server terminal services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.54"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "83"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.2"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "7.0-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.3.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "nx-os 4.1 n2",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "arubaos 2.4.8.0-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)16"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "application networking manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2"
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)17"
},
{
"_id": null,
"model": "project proftpd 1.3.2c",
"scope": "ne",
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2"
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.659"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.5"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76001.1(3.17)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.2"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.21"
},
{
"_id": null,
"model": "access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "web server r1",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(17)"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "6.4-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wireless lan controllers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.112.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.14"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "weblogic server mp2",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.3.3"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.4.3"
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.18"
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.5"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.4"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.2"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7"
},
{
"_id": null,
"model": "network analysis module 4.1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "jdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.6"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)70"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.4.0"
},
{
"_id": null,
"model": "java system web server plugin",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.00"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.64"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "windows xp 64-bit edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4"
},
{
"_id": null,
"model": "matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.7"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.13"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "java se sr10",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.188.0"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "-release-p5",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.19)"
},
{
"_id": null,
"model": "windows server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.17"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.2.3"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensolaris build snv 128",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6.1"
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.1"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7.1"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.0(5.6)"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "-prerelease",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.96"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.3"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(5)"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)2"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.4"
},
{
"_id": null,
"model": "java system directory server 2005q4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.2"
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.7)"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.207.0"
},
{
"_id": null,
"model": "ons t31 omds metro wdm system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15531"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.2"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "developer\u0027s kit for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.50"
},
{
"_id": null,
"model": "unified ip phone 7960g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system application server platform edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"_id": null,
"model": "project openssl g",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.3"
},
{
"_id": null,
"model": "-release-p8",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "windows server for itanium-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.5"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0.4"
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3"
},
{
"_id": null,
"model": "windows server for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.3"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(6)"
},
{
"_id": null,
"model": "systems insight manager sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(3)"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.4"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.4"
},
{
"_id": null,
"model": "meeting exchange client registration server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "ace module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"_id": null,
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.12"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "unity connection",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1"
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.4"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "7.2-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.4"
},
{
"_id": null,
"model": "7.0-release-p8",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "windows server enterprise edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.2"
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(2)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(5.2)"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(7)"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.2.5"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65004.0(9)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.3.1"
},
{
"_id": null,
"model": "jdk 1.5.0.0 04",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system web server sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.50.3.45"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "java system directory server patch2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "windows server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.14"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.3"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.19"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3"
},
{
"_id": null,
"model": "linux enterprise sdk sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(2)"
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager 7.1 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.13"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.27)"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "unified ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.2"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "java enterprise system",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "2.1-rc8",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.9"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.55)"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.4"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
},
{
"_id": null,
"model": "7.2-stable",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.182.0"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0"
},
{
"_id": null,
"model": "ace web application firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified ip phone sccp 8.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.1"
},
{
"_id": null,
"model": "windows vista edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "enterprise linux for sap server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "web server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.81)"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.4.6"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.17"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "6.1.0.103"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "windows vista beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2"
},
{
"_id": null,
"model": "unified intelligent contact management enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5(8)"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(6.7)"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.3"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.6.1"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.8.1"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr1b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr7",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.50"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.35"
},
{
"_id": null,
"model": "-release-p6",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "jdk",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.1"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "wide area application services 4.1.1b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)28"
},
{
"_id": null,
"model": "jdk 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.4"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.91.0"
},
{
"_id": null,
"model": "access manager",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "3.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.9"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7935"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.31"
},
{
"_id": null,
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.10"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(4)"
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "opensolaris build snv 125",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.23"
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "7.0-release-p3",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.3"
},
{
"_id": null,
"model": "6.4-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)5"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "esx",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.52"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.21"
},
{
"_id": null,
"model": "communication manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.9"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.2.3"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.1"
},
{
"_id": null,
"model": "linux enterprise desktop sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.5"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.15"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.1"
},
{
"_id": null,
"model": "windows server for x64-based systems r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.3"
},
{
"_id": null,
"model": "windows server datacenter edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.9"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.x"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"_id": null,
"model": "security agent for icm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9"
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8.6)"
},
{
"_id": null,
"model": "project openssl l",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.1"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)15"
},
{
"_id": null,
"model": "pfsense",
"scope": "ne",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.2"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.13"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(6.33)"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2(3)"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.53"
},
{
"_id": null,
"model": "java system directory server patch4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "41.0"
},
{
"_id": null,
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "windows server for itanium-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4.1"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.6"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.8"
},
{
"_id": null,
"model": "glassfish enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "2.1.1"
},
{
"_id": null,
"model": "windows vista ultimate",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.8"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76004.1(1)"
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.196.0"
},
{
"_id": null,
"model": "unified callmanager 5.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.01"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5.3"
},
{
"_id": null,
"model": "unified callmanager 5.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.1.1"
},
{
"_id": null,
"model": "csm 4.2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.1 sr8",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)23"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.7.1"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55008.1(2.39)"
},
{
"_id": null,
"model": "enterprise virtualization hypervisor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.4"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "etherfast befvp41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39.64"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.8"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "jre 07",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.12"
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified callmanager sr5b",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.23"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.4.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.5"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.31"
},
{
"_id": null,
"model": "security agent for callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.1"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.0.0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "java sdk sr13-fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)10"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.2.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.11"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76003.1(17)"
},
{
"_id": null,
"model": "web server a",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.5"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.193.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)22"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "project openssl beta3",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"_id": null,
"model": "java se sr5",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.44"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "2.36"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.7"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.17"
},
{
"_id": null,
"model": "project proftpd 1.3.2a",
"scope": null,
"trust": 0.3,
"vendor": "proftpd",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.20"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.13"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "ironport email security appliance x-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1"
},
{
"_id": null,
"model": "ace gss series global site selector",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44000"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7940"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.62.0"
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.1.0"
},
{
"_id": null,
"model": "project proftpd .0rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "rsa data protection manager applicance",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.1"
},
{
"_id": null,
"model": "opensolaris build snv 117",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.0.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)4"
},
{
"_id": null,
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65004.1(1)"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.36"
},
{
"_id": null,
"model": "linux enterprise desktop sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)5"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.7"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.61"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "current",
"scope": null,
"trust": 0.3,
"vendor": "netbsd",
"version": null
},
{
"_id": null,
"model": "pfsense",
"scope": "eq",
"trust": 0.3,
"vendor": "bsdperimeter",
"version": "1.2"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "spam \u0026 virus blocker b-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "ne",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.7"
},
{
"_id": null,
"model": "enterprise linux hpc node supplementary",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux desktop supplementary client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.42.7"
},
{
"_id": null,
"model": "ciscoworks wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows server datacenter edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "java system directory server patch3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(1)"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.2"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(1)"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.3.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.176.51"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "sdk 02",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project proftpd .0rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "unified communications manager sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "jdk 0 03",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "wireless control system for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "transportation manager",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"_id": null,
"model": "ucosminexus portal framework",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(7)16"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.62"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.9"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0x64"
},
{
"_id": null,
"model": "linux enterprise desktop sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "1.1-1"
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2.1"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.5"
},
{
"_id": null,
"model": "windows vista home premium 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4.28)"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.x"
},
{
"_id": null,
"model": "windows xp embedded sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.4"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.4.3"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified callmanager 4.2 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "windows vista business 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "unified callmanager 4.3 sr1a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.0.4.3"
},
{
"_id": null,
"model": "2.1-beta14",
"scope": null,
"trust": 0.3,
"vendor": "openvpn",
"version": null
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "java system web server sp9",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "meeting exchange streaming server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "9.2.4.1"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0"
},
{
"_id": null,
"model": "pfsense 1.2-rc4",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"_id": null,
"model": "linux enterprise sp2 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16000"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2)"
},
{
"_id": null,
"model": "syslog-ng premium edition",
"scope": "eq",
"trust": 0.3,
"vendor": "balabit",
"version": "3.0.6"
},
{
"_id": null,
"model": "opensolaris build snv 121",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.23"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2.3)"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6.6"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.7.1"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.4"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.2.0"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.4"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.2.1a",
"scope": null,
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "sdk 01",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.4.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "linux enterprise sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.x"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.2"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.34"
},
{
"_id": null,
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cosminexus server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.3"
},
{
"_id": null,
"model": "web server 4.3r5",
"scope": "ne",
"trust": 0.3,
"vendor": "zeus",
"version": null
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)9"
},
{
"_id": null,
"model": "opensolaris build snv 124",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "4.2"
},
{
"_id": null,
"model": "java sdk sr3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "unified ip phone 7940g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "2.5.6.24"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.3"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.1.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.13"
},
{
"_id": null,
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.9"
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.7"
},
{
"_id": null,
"model": "linux enterprise sp3 debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "wireless location appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "weblogic server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1"
},
{
"_id": null,
"model": "meeting exchange sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "java system web server update",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.03"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.7"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.4"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.1"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.205.0"
},
{
"_id": null,
"model": "windows for itanium-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.8)"
},
{
"_id": null,
"model": "db2 universal database",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.11"
},
{
"_id": null,
"model": "windows xp gold",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.2.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)6"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.18"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.6"
},
{
"_id": null,
"model": "linux enterprise desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.7"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.2"
},
{
"_id": null,
"model": "java system web server update",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": "7.07"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.1"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "unified communications manager 7.0",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6"
},
{
"_id": null,
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(1.126)"
},
{
"_id": null,
"model": "6.3-release-p11",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "java system application server enterprise edition 2005q1rhel2.1/rhel3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.2"
},
{
"_id": null,
"model": "tivoli endpoint manager patch",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.23"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.3"
},
{
"_id": null,
"model": "windows xp 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ucosminexus operator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified callmanager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.1"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.6.0"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)71"
},
{
"_id": null,
"model": "ironport web security management appliance m-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "siparator",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "4.8.1"
},
{
"_id": null,
"model": "web server r5",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "windows vista sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "unified ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8(0)"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows vista business 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "enterprise linux supplementary server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.8"
},
{
"_id": null,
"model": "7.1-release-p5",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1.7"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11052.0.2"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.3"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "esx server esx410-201101201",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "windows xp media center edition sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.01"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(4)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0"
},
{
"_id": null,
"model": "cosminexus server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "17000"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "matrixssl",
"scope": "eq",
"trust": 0.3,
"vendor": "matrixssl",
"version": "1.8.7"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.2.4.2"
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "security agent for icm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.96"
},
{
"_id": null,
"model": "unified communications manager 6.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"_id": null,
"model": "-pre-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.0.4"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0.12"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.2"
},
{
"_id": null,
"model": "firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "ingate",
"version": "4.8.1"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.5.0"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0(3)"
},
{
"_id": null,
"model": "digital media manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.02"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "java system web server sp8",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista home premium sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.8.2"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.18"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.x"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.3"
},
{
"_id": null,
"model": "windows xp embedded",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "linux enterprise sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1.4"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.16"
},
{
"_id": null,
"model": "project openssl 0.9.8g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.6"
},
{
"_id": null,
"model": "identity management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.3"
},
{
"_id": null,
"model": "os/400 v6r1m1",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "1.6"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.3"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "os/400 v5r4m5",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"_id": null,
"model": "-release-p9",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.3"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.95"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.3"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "java system web server sp10",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.17"
},
{
"_id": null,
"model": "ons series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "155000"
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "31205.0.1"
},
{
"_id": null,
"model": "windows vista business sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "wireless lan control m",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"_id": null,
"model": "cvlan",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "ironport email security appliance c-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"_id": null,
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"_id": null,
"model": "-release-p1",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.3.4"
},
{
"_id": null,
"model": "windows terminal services sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "jre beta",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5.0"
},
{
"_id": null,
"model": "ironport email security appliance c-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0.1"
},
{
"_id": null,
"model": "java sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.16)"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.6"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "7.1-release-p6",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "windows vista enterprise sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project proftpd rc3",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3"
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "tivoli storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.2"
},
{
"_id": null,
"model": "java se sr11",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "6.4-release-p2",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.1.10"
},
{
"_id": null,
"model": "one directory server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.23"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.4.5"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4.18)"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "-stable",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.02"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.6"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.52"
},
{
"_id": null,
"model": "enterprise linux as extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "secure gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "citrix",
"version": "3.1"
},
{
"_id": null,
"model": "java se sr11 pf1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"_id": null,
"model": "network security services",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.1.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.1"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76003.2(15)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.3.1"
},
{
"_id": null,
"model": "unified ip phone 7941g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "project proftpd rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)25"
},
{
"_id": null,
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "application \u0026 content networking software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.5.17"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(0.98000.106)"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.6"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"_id": null,
"model": "java system application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.4"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.8.7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"_id": null,
"model": "linux enterprise desktop sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise server debuginfo",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.0.2"
},
{
"_id": null,
"model": "coat systems proxysg 200-c",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.1"
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.1"
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "db2 universal database fix pack 6a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "cosminexus studio standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "windows server itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "ibm xl c/c++ enterprise edition for aix \u0026 hitachi developer\u0027s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "v801-00"
},
{
"_id": null,
"model": "wireless control system software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.96"
},
{
"_id": null,
"model": "ironport web security appliance s-series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.49)"
},
{
"_id": null,
"model": "identity management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4.0.1"
},
{
"_id": null,
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15530"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.1.12"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "4.5"
},
{
"_id": null,
"model": "unified contact center hosted icm7.1 es46",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)2"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.0"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.4.2"
},
{
"_id": null,
"model": "wireless control system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "video surveillance media server software",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.1"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.1.0"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "java system web server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "java system web server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "java system application server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.1"
},
{
"_id": null,
"model": "windows xp embedded sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.60"
},
{
"_id": null,
"model": "windows vista ultimate 64-bit edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "6.0-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0"
},
{
"_id": null,
"model": "linux enterprise teradata sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.2.77"
},
{
"_id": null,
"model": "jdk 0 09",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "1.5"
},
{
"_id": null,
"model": "security agent for ipcc enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.0"
},
{
"_id": null,
"model": "communication manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0"
},
{
"_id": null,
"model": "vcenter",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.4"
},
{
"_id": null,
"model": "network analysis module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.1.6"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.50"
},
{
"_id": null,
"model": "java system web proxy server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "unified contact center enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(5)"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.29"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.9"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.1"
},
{
"_id": null,
"model": "windows home premium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"_id": null,
"model": "windows vista sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "application velocity system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3180"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux enterprise java sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.4"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5.0"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.22"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.05.00"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "11.0"
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "ibm xl c/c++ enterprise edition for aix \u0026 hitachi developer\u0027s",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "v701-00"
},
{
"_id": null,
"model": "windows starter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1)"
},
{
"_id": null,
"model": "openbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "openbsd",
"version": "4.6"
},
{
"_id": null,
"model": "java system application server enterprise edition q1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "8.12005"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.14"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)14"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.11"
},
{
"_id": null,
"model": "jdk 1.5.0.0 12",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows vista home basic sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "76004.0(9)"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "16009.2.3"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "pfsense 1.2-rc1",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.4"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "big-ip wan optimization module",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "jdk 1.6.0 01-b06",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "network analysis module patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.12"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.1.1"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4.1"
},
{
"_id": null,
"model": "ace appliance a3",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4710"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.6"
},
{
"_id": null,
"model": "arubaos rn",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.1.1"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.5)"
},
{
"_id": null,
"model": "meeting exchange webportal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "-6.0"
},
{
"_id": null,
"model": "unified ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.3"
},
{
"_id": null,
"model": "css11500 content services switch",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.601"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.(2.17)"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "java system web server sp11",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "jdk 1.5.0.0 03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "jboss enterprise web server el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"_id": null,
"model": "one directory server patch",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.24"
},
{
"_id": null,
"model": "windows vista ultimate sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "project openssl k",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "sdk for java",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "unified communications manager 7.0 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.1"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "coat systems proxysg",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.10"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.27"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3.10"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.3-1"
},
{
"_id": null,
"model": "windows professional sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "asa series adaptive security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "55007.2(4.44)"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.5"
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "windows vista enterprise sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.12"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "application networking manager update a",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(1.22)"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "java system directory server 2004q2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.0"
},
{
"_id": null,
"model": "wide area application services",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.2.1"
},
{
"_id": null,
"model": "ons t31 omds metro wdm system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15532"
},
{
"_id": null,
"model": "blackberry enterprise server for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.19"
},
{
"_id": null,
"model": "opensolaris build snv 116",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.(2.48)"
},
{
"_id": null,
"model": "6.4-releng",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "windows server r2 datacenter",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20080"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.8"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "-release-p2",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "7.1"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)78"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.7"
},
{
"_id": null,
"model": "project openssl 0.9.8f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.6"
},
{
"_id": null,
"model": "windows vista enterprise 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "3.0"
},
{
"_id": null,
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "windows vista home basic",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4)7"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"_id": null,
"model": "firefox",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.5.7"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2)74"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"_id": null,
"model": "fuji",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "virtual connect 8gb 24-port fc module",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "windows server standard edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.2"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "15009.4.5"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1(2.79)"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.2"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "cosminexus studio web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "4"
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.3.2"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(5)"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0"
},
{
"_id": null,
"model": "ace appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47100"
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.25"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "csm",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)6"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "9.1.5.1"
},
{
"_id": null,
"model": "windows advanced server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"_id": null,
"model": "blackberry enterprise server express for exchange mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.13"
},
{
"_id": null,
"model": "windows vista edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.4.27"
},
{
"_id": null,
"model": "unified ip phone 8.0 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "web server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "unified ip phone 8.0 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.2"
},
{
"_id": null,
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "fwsm for cisco catalyst series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6500/76002.3.1"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.1.0"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "web server r4",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.2"
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14.5.1.639"
},
{
"_id": null,
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified callmanager sr5c",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.5"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "windows terminal services sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified callmanager 3.3 sr2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.7.7"
},
{
"_id": null,
"model": "windows server standard edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "6.3-release-p10",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.13"
},
{
"_id": null,
"model": "java system directory server 2003q4",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1-1"
},
{
"_id": null,
"model": "windows server enterprise edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0.3"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "3.2.1"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "java enterprise system 2005q4",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "java system directory server 2005q1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "opensolaris build snv 120",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "openoffice",
"scope": "ne",
"trust": 0.3,
"vendor": "openoffice",
"version": "3.2.1"
},
{
"_id": null,
"model": "tivoli endpoint manager",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1310"
},
{
"_id": null,
"model": "circle",
"scope": "eq",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.37"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.2"
},
{
"_id": null,
"model": "windows xp 64-bit edition version sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "java se sr6",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino mr1",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.0(8)3"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "7.1-release-p4",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10000"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.7"
},
{
"_id": null,
"model": "firefox",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.6.2"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.11"
},
{
"_id": null,
"model": "meeting exchange sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"_id": null,
"model": "firewalll",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.4"
},
{
"_id": null,
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "-releng",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.2"
},
{
"_id": null,
"model": "video surveillance operations manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.27"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "5.0.1"
},
{
"_id": null,
"model": "network collector",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "beta",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.0"
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.8"
},
{
"_id": null,
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "desktop extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.16"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0.95"
},
{
"_id": null,
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.6.4"
},
{
"_id": null,
"model": "windows vista ultimate sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "ne",
"trust": 0.3,
"vendor": "opera",
"version": "10.50"
},
{
"_id": null,
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.34"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.31"
},
{
"_id": null,
"model": "unified callmanager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)27"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.0.7"
},
{
"_id": null,
"model": "blackberry enterprise server for exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.2"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)006"
},
{
"_id": null,
"model": "windows ultimate",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "70"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.0"
},
{
"_id": null,
"model": "wireless lan controller module",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "db2 universal database fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.19"
},
{
"_id": null,
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "3.0"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "unified callmanager 4.1 sr4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "bigip sam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "8.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)13"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.2.1b",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "oracle11g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.7"
},
{
"_id": null,
"model": "siparator",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"_id": null,
"model": "bigip application security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.2.5"
},
{
"_id": null,
"model": "mobile wireless transport manager",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "systems insight manager c.05.00.02",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "1.4.3"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34000"
},
{
"_id": null,
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"_id": null,
"model": "project openssl d",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows datacenter server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "csm",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "2.1(4)"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows advanced server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "oracle11g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.2.0.2.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10.10"
},
{
"_id": null,
"model": "windows server datacenter edition itanium sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "windows server for x64-based systems sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "firepass",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "seamonkey",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.2"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(3)"
},
{
"_id": null,
"model": "ons",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "15540"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.3"
},
{
"_id": null,
"model": "ucosminexus client",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "gnutls",
"scope": "eq",
"trust": 0.3,
"vendor": "gnu",
"version": "2.4.1"
},
{
"_id": null,
"model": "syslog-ng premium edition 3.0.7a",
"scope": "ne",
"trust": 0.3,
"vendor": "balabit",
"version": null
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"_id": null,
"model": "project openssl a",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(4)"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(1)2"
},
{
"_id": null,
"model": "-release-p3",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.4"
},
{
"_id": null,
"model": "java system web server sp7",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "bigip global traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.1"
},
{
"_id": null,
"model": "project openssl f",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.11"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "7.0"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1.1.3"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"_id": null,
"model": "enterprise linux ws extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.0.7"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.10"
},
{
"_id": null,
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "security agent for ipcc enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.639"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "enterprise linux es extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.2"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.15)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3"
},
{
"_id": null,
"model": "windows server itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "arubaos 3.3.2.14-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "8.01"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0.2"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.2.5"
},
{
"_id": null,
"model": "unified communications manager sr4",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.2"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.2.8"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"_id": null,
"model": "project openssl h",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "systems insight manager update",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.31"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "circle",
"scope": "ne",
"trust": 0.3,
"vendor": "voodoo",
"version": "1.1.38"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.2.5"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"_id": null,
"model": "project openssl i",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "wireless control system for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ironport web security appliance s-series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3.3"
},
{
"_id": null,
"model": "oracle10g personal edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.4"
},
{
"_id": null,
"model": "project proftpd",
"scope": "eq",
"trust": 0.3,
"vendor": "proftpd",
"version": "1.3.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.8"
},
{
"_id": null,
"model": "windows vista beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1"
},
{
"_id": null,
"model": "etherfast befvp41 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"_id": null,
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"_id": null,
"model": "websphere datapower soa appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.7.3"
},
{
"_id": null,
"model": "netbsd",
"scope": "eq",
"trust": 0.3,
"vendor": "netbsd",
"version": "4.0.1"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.4"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10009.4.6"
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.9"
},
{
"_id": null,
"model": "java se sr7",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server 4.3r4",
"scope": null,
"trust": 0.3,
"vendor": "zeus",
"version": null
},
{
"_id": null,
"model": "windows xp professional edition sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"_id": null,
"model": "project openssl c",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "ciscoworks common services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.1.1"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"_id": null,
"model": "7.0-release",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.6"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.10"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.3"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.8"
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp professional sp3",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "freebsd",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.5.2"
},
{
"_id": null,
"model": "opensolaris build snv 113",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.0.193"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "arubaos 3.3.2.13-fips",
"scope": null,
"trust": 0.3,
"vendor": "arubanetworks",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.4.2"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.4.5"
},
{
"_id": null,
"model": "enterprise linux as for sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "windows terminal services sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.5"
},
{
"_id": null,
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5"
},
{
"_id": null,
"model": "java system directory server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.3.1"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.0.9"
},
{
"_id": null,
"model": "rsa data protection manager appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "3.5.1"
},
{
"_id": null,
"model": "opensolaris build snv 119",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"_id": null,
"model": "windows vista home basic 64-bit edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "blackberry enterprise server for novell groupwise",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "5.0.1"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.9"
},
{
"_id": null,
"model": "network security services",
"scope": "ne",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.12.5"
},
{
"_id": null,
"model": "enterprise linux extras",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.14.5.1.573"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.8"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0"
},
{
"_id": null,
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"_id": null,
"model": "unified communications manager 4.2 sr2",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.x"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)15"
},
{
"_id": null,
"model": "windows",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.5"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.3.1"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.3(2)"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "systems insight manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "wanjet",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4.30)"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "unified ip phone 7961g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11302.0.2"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "4.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.1.3"
},
{
"_id": null,
"model": "digital media player",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1(2)19"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "5.0.6"
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "coat systems packetshaper",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "8.3.2"
},
{
"_id": null,
"model": "css11500 content services switch s",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.10"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.2.1"
},
{
"_id": null,
"model": "security agent",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0(2.099)"
},
{
"_id": null,
"model": "big-ip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.6.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"_id": null,
"model": "arubaos",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.26"
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "4.1"
},
{
"_id": null,
"model": "integrated management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "coat systems blue coat reporter",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "9.2.3.1"
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2.1"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "5.4.3"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "unified ip phone 7970g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "-release",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.0"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.26"
},
{
"_id": null,
"model": "systems insight manager sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(4.9)"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.2"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"_id": null,
"model": "openoffice",
"scope": "eq",
"trust": 0.3,
"vendor": "openoffice",
"version": "2.1"
},
{
"_id": null,
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "wireless lan control",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.1"
},
{
"_id": null,
"model": "websphere mq internet pass-thru",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2"
},
{
"_id": null,
"model": "java system directory server 2004q2",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "5.2"
},
{
"_id": null,
"model": "7.2-release-p1",
"scope": null,
"trust": 0.3,
"vendor": "freebsd",
"version": null
},
{
"_id": null,
"model": "arubaos",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "3.3.2.23"
},
{
"_id": null,
"model": "weblogic server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.4"
},
{
"_id": null,
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.1"
},
{
"_id": null,
"model": "ace application control engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "47000"
},
{
"_id": null,
"model": "jdk 1.5.0 07-b03",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"_id": null,
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2008"
},
{
"_id": null,
"model": "openvpn",
"scope": "eq",
"trust": 0.3,
"vendor": "openvpn",
"version": "2.0.7"
},
{
"_id": null,
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"_id": null,
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.04.5.1.573"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"_id": null,
"model": "-release-p10",
"scope": "eq",
"trust": 0.3,
"vendor": "freebsd",
"version": "6.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"_id": null,
"model": "project openssl e",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.8"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.3.5"
},
{
"_id": null,
"model": "big-ip",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5.11"
},
{
"_id": null,
"model": "security agent for ipcc hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.616"
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "matrix operating environment",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"_id": null,
"model": "3-dns",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.6.4"
},
{
"_id": null,
"model": "enterprise linux sap",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "zeus",
"version": "3.1.5"
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows xp embedded sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"_id": null,
"model": "fortios",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.3.9"
},
{
"_id": null,
"model": "software opera web browser beta",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.201"
},
{
"_id": null,
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.5"
},
{
"_id": null,
"model": "unified ip phone 7971g",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "windows vista beta",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.0.5"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1(1)"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "pfsense 1.2-rc2",
"scope": null,
"trust": 0.3,
"vendor": "bsdperimeter",
"version": null
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "9.21"
},
{
"_id": null,
"model": "windows vista enterprise",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "oracle10g standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.5"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2-2"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "unified ip phone sccp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(8)"
},
{
"_id": null,
"model": "security agent",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.5.1.657"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65003.1(17)"
},
{
"_id": null,
"model": "unified communications manager 4.3 sr.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "java system web server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"_id": null,
"model": "bigip local traffic manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "34009.2.5"
},
{
"_id": null,
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"_id": null,
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1(2)"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "ironport encryption appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.3"
},
{
"_id": null,
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "10"
},
{
"_id": null,
"model": "firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "ingate",
"version": "4.5.1"
},
{
"_id": null,
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.7"
},
{
"_id": null,
"model": "systems insight manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "opensolaris build snv 115",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "db2 universal database fix pack 4a",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "download accelarator",
"scope": "eq",
"trust": 0.3,
"vendor": "prozilla",
"version": "1.3.2"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "9.3.1"
},
{
"_id": null,
"model": "cns network registrar",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "6.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "security agent for cvp",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.04.5.1.639"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "project openssl m",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "catalyst",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "65003.2(15)"
},
{
"_id": null,
"model": "java sdk sr13-fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.4.2"
},
{
"_id": null,
"model": "java system web server sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.1"
},
{
"_id": null,
"model": "project openssl b",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.2"
},
{
"_id": null,
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(4)30"
},
{
"_id": null,
"model": "wireless lan solution engine",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "wide area application services",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.0.7"
},
{
"_id": null,
"model": "unified contact center hosted",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(3)"
},
{
"_id": null,
"model": "blackberry enterprise server express for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "rim",
"version": "4.1.4"
},
{
"_id": null,
"model": "opensolaris build snv 127",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "pix/asa",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2(2.10)"
},
{
"_id": null,
"model": "java system web server",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "6.0"
},
{
"_id": null,
"model": "project openssl j",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "0.9.6"
},
{
"_id": null,
"model": "oracle10g enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.0.4"
},
{
"_id": null,
"model": "windows server web edition sp1 beta",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20031"
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"credits": {
"_id": null,
"data": "Mitsubishi Electric reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.6
},
"cve": "CVE-2009-3555",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-3555",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-41001",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-3555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-3555",
"trust": 0.8,
"value": "0"
},
{
"author": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-41001",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"description": {
"_id": null,
"data": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. Multiple vendors\u0027 TLS protocol implementations are prone to a security vulnerability related to the session-renegotiation process. \nSuccessful exploits of this issue may allow attackers to perform limited man-in-the-middle attacks against vulnerable applications. Note that this issue does not allow attackers to decrypt encrypted data. The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the Network Working Group:The server treats the client\u0027s initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data.This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n The gnutls_x509_crt_get_serial function in the GnuTLS library before\n 1.2.1, when running on big-endian, 64-bit platforms, calls the\n asn1_read_value with a pointer to the wrong data type and the wrong\n length value, which allows remote attackers to bypass the certificate\n revocation list (CRL) check and cause a stack-based buffer overflow\n via a crafted X.509 certificate, related to extraction of a serial\n number (CVE-2010-0731). \n \n The updated packages have been patched to correct these issues. \n - The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"Poodle\", which could be exploited remotely\nresulting in disclosure of information. ----------------------------------------------------------------------\n\n\nhttp://secunia.com/research/\n\nhttp://secunia.com/company/jobs/open_positions/reverse_engineer\n\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Application Server Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44293\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44293/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nRELEASE DATE:\n2011-04-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44293/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44293/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Oracle Application\nServer, which can be exploited by malicious users and people to\nmanipulate certain data. \n\n1) An error exists in the C Oracle SSL API of the Oracle Security\nService component and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #1:\nSA37291\n\n2) An unspecified error in the Oracle HTTP Server component can be\nexploited to manipulate certain data. \n\n3) An error exists in the Midtier Infrastructure of the Portal\ncomponent and can be exploited to manipulate certain data. \n\nFor more information see vulnerability #3:\nSA44246\n\n4) An unspecified error in the Single Sign On component can be\nexploited by authenticated users to manipulate certain data. \n\nThe vulnerabilities are reported in the following products:\n* Oracle Application Server 10g Release 2 version 10.1.2.3.0. \n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nIt is currently unclear who reported these vulnerabilities as the\nOracle Critical Patch Update for April 2011 only provides a bundled\nlist of credits. This section will be updated when/if the original\nreporter provides more information. \n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2010:084\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : April 28, 2010\n Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple Java OpenJDK security vulnerabilities has been identified\n and fixed:\n \n - TLS: MITM attacks via session renegotiation (CVE-2009-3555). \n - Loader-constraint table allows arrays instead of only the b\n ase-classes (CVE-2010-0082). \n - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). \n - File TOCTOU deserialization vulnerability (CVE-2010-0085). \n - Inflater/Deflater clone issues (CVE-2010-0088). \n - Unsigned applet can retrieve the dragged information before drop\n action occurs (CVE-2010-0091). \n - AtomicReferenceArray causes SIGSEGV -\u003e SEGV_MAPERR error\n (CVE-2010-0092). \n - System.arraycopy unable to reference elements beyond\n Integer.MAX_VALUE bytes (CVE-2010-0093). \n - Deserialization of RMIConnectionImpl objects should enforce stricter\n checks (CVE-2010-0094). \n - Subclasses of InetAddress may incorrectly interpret network addresses\n (CVE-2010-0095). \n - JAR unpack200 must verify input parameters (CVE-2010-0837). \n - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). \n - Applet Trusted Methods Chaining Privilege Escalation Vulner ability\n (CVE-2010-0840). \n - No ClassCastException for HashAttributeSet constructors if run with\n -Xcomp (CVE-2010-0845)\n - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). \n - AWT Library Invalid Index Vulnerability (CVE-2010-0848). \n \n Additional security issues that was fixed with IcedTea6 1.6.2:\n - deprecate MD2 in SSL cert validation (CVE-2009-2409). \n - ICC_Profile file existence detection information leak\n (CVE-2009-3728). \n - JRE AWT setDifflCM stack overflow (CVE-2009-3869). \n - JRE AWT setBytePixels heap overflow (CVE-2009-3871). \n - JPEG Image Writer quantization problem (CVE-2009-3873). \n - ImageI/O JPEG heap overflow (CVE-2009-3874). \n - MessageDigest.isEqual introduces timing attack vulnerabilities\n (CVE-2009-3875). \n - OpenJDK ASN.1/DER input stream parser denial of service\n (CVE-2009-3876, CVE-2009-3877)\n - GraphicsConfiguration information leak (CVE-2009-3879). \n - UI logging information leakage (CVE-2009-3880). \n - resurrected classloaders can still have children (CVE-2009-3881). \n - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). \n - Mutable statics in Windows PL\u0026F (findbugs) (CVE-2009-3883). \n - zoneinfo file existence information leak (CVE-2009-3884). \n - BMP parsing DoS with UNC ICC links (CVE-2009-3885). \n \n Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found\n and fixed a bug in IcedTea6 1.8 that is also applied to the provided\n packages:\n \n * plugin/icedteanp/IcedTeaNPPlugin.cc\n (plugin_filter_environment): Increment malloc size by one to\n account for\n NULL terminator. Bug# 474. \n \n Packages for 2009.0 are provided due to the Extended Maintenance\n Program. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3728\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3869\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3871\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3873\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3874\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3875\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3876\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3877\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3879\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3880\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3881\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3882\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3883\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3884\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3885\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848\n http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938\n http://blogs.sun.com/darcy/resource/OpenJDK_6/openjdk6-b18-changes-summary.html\n http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n 37c14ebea4b3ceccbecba4ffea2630a6 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 3f7ba1d78aaf5f1ca56e86fcb48e7192 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 12963efa8b4ea6691ba68f4e72e81e5d 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 6387d4381c518c5658701c114c5fcb9d 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n f90d2a22c10b6eb30aedef13207d346c 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.i586.rpm\n 01e62b54974a3d1b5232de0baa196e41 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.i586.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 630941e679a033285ddf5cb3e4c1d092 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n 6330c6dda9cf7c59a90f529bceeee17b 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n c7d708c5f14d710a6bdcc352bb18a55a 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n edf4b1d8efeb157bb0f19b4c4cc55935 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n ac9f8227297249940b1845f3ad95165f 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm\n d1ed0ce1155c85c423d0cbe47eadfa5b 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.0.x86_64.rpm \n 212262f34829af20e53fb2076fa78d25 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 304bc2cab18b29781bfac69d4927ddce 2009.1/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 77f0d2e2b2c04288a5aae608a2f73f1a 2009.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 7ff7542b4328fd978725f8e0b02590d9 2009.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 3d1bf214209ea3aef86b58962e80901e 2009.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n f52cf5f8d3f85b98da246963d583f6bc 2009.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.i586.rpm\n 87b2fd7ac9883e624e71faa993559e78 2009.1/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.i586.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 883105d4347bb0864c7c73e4f0865066 2009.1/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n ac44d41806625e0be7a55ff30bf1f0e7 2009.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67db7247fbf1b5be5391f33603b9148c 2009.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 0b6e7a93df49306976453daf29a29d96 2009.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 67e679d7aa4545a968889dcbb1a3fa8e 2009.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm\n 4042e3ae7e3b2dbdcba0e73aadd219d5 2009.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2009.1.x86_64.rpm \n 0ff2ca4dfc122a3538349ed2dab6ed81 2009.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n f3c1bb7b091d5889a856edf93e066367 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 7f717091a34f98e9547c698bf08065f5 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 21b8532c934559100b0dbc498ba3c52e 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 8711fdef27cce9af73191903f85dbcd6 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n 1905269f878bb1c6367dedc6797f6914 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.i586.rpm\n c5f53d24770de6704f00fdf34c87a703 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.i586.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 100203d38e76348f262d69d2cae8a7ba 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n f155019a4a22d7bf7265c67024dcbc33 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 8eaf304d6eb93212d1045adc301de385 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 2e2082bd89db22cf5fa4be2ebaceb71c 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n 3e7a1849db88a8b8ddcdf30441edfcb7 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm\n fbc9da5e2080972f6f8c01f23e86890f 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdv2010.0.x86_64.rpm \n b789ff663963ae8b60a0d189b870907c 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdv2010.0.src.rpm\n\n Mandriva Enterprise Server 5:\n 742a7a6dcc82962a132eadb91a2b1736 mes5/i586/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 3acd32ccd1fee71f07ccb4b038434ffd mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n c3358ac84dbc950752655fee46fd5e4b mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n a30ef6b33fd9ba1403ab46ef9643efdb mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n 534f95a18c4798ec80cdfe47bd1148a8 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm\n e79e4bd9462096222f5b07d681b3d418 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.i586.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 180566f92a5564c747c716ecdf082c8f mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 5e05d90fe32dfce7b15db7d9e5604227 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 09506c689ed0265023861e006fbcb624 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n c9ff4a3a4695c56b13268d76c355cfbe mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 0a70a54c2eed68e723cbc65de63bfbff mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm\n 166c980a8479cd915f3507070c25508e mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-2.b18.2mdvmes5.1.x86_64.rpm \n 0bc580c8d4d6e57cbee939bf68743170 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-2.b18.2mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFL1/vUmqjQ0CJFipgRAlcyAJ9+2v53cztdo8nXoixp0vg0IuQjrACbB/vW\n+oOtru3I2iYRjlx04fi7wMw=\n=rIwa\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201301-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Products: Multiple vulnerabilities\n Date: January 08, 2013\n Bugs: #180159, #181361, #207261, #238535, #246602, #251322,\n #255221, #255234, #255687, #257577, #260062, #261386,\n #262704, #267234, #273918, #277752, #280226, #280234,\n #280393, #282549, #284439, #286721, #290892, #292034,\n #297532, #305689, #307045, #311021, #312361, #312645,\n #312651, #312675, #312679, #312763, #313003, #324735,\n #326341, #329279, #336396, #341821, #342847, #348316,\n #357057, #360055, #360315, #365323, #373595, #379549,\n #381245, #388045, #390771, #395431, #401701, #403183,\n #404437, #408161, #413657, #419917, #427224, #433383,\n #437780, #439586, #439960, #444318\n ID: 201301-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which\nmay allow execution of arbitrary code or local privilege escalation. \n\nBackground\n==========\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird\nan open-source email client, both from the Mozilla Project. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as the\n\u0027Mozilla Application Suite\u0027. XULRunner is a Mozilla runtime package\nthat can be used to bootstrap XUL+XPCOM applications such as Firefox\nand Thunderbird. NSS is Mozilla\u0027s Network Security Services library\nthat implements PKI support. IceCat is the GNU version of Firefox. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 10.0.11 \u003e= 10.0.11\n 2 www-client/firefox-bin \u003c 10.0.11 \u003e= 10.0.11\n 3 mail-client/thunderbird \u003c 10.0.11 \u003e= 10.0.11\n 4 mail-client/thunderbird-bin\n \u003c 10.0.11 \u003e= 10.0.11\n 5 www-client/seamonkey \u003c 2.14-r1 \u003e= 2.14-r1\n 6 www-client/seamonkey-bin\n \u003c 2.14 \u003e= 2.14\n 7 dev-libs/nss \u003c 3.14 \u003e= 3.14\n 8 www-client/mozilla-firefox\n \u003c= 3.6.8 Vulnerable!\n 9 www-client/mozilla-firefox-bin\n \u003c= 3.5.6 Vulnerable!\n 10 mail-client/mozilla-thunderbird\n \u003c= 3.0.4-r1 Vulnerable!\n 11 mail-client/mozilla-thunderbird-bin\n \u003c= 3.0 Vulnerable!\n 12 www-client/icecat \u003c= 10.0-r1 Vulnerable!\n 13 net-libs/xulrunner \u003c= 2.0-r1 Vulnerable!\n 14 net-libs/xulrunner-bin \u003c= 1.8.1.19 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n 14 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox,\nThunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker could entice a user to view a specially crafted web\npage or email, possibly resulting in execution of arbitrary code or a\nDenial of Service condition. Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nbypass restrictions and protection mechanisms, force file downloads,\nconduct XML injection attacks, conduct XSS attacks, bypass the Same\nOrigin Policy, spoof URL\u0027s for phishing attacks, trigger a vertical\nscroll, spoof the location bar, spoof an SSL indicator, modify the\nbrowser\u0027s font, conduct clickjacking attacks, or have other unspecified\nimpact. \n\nA local attacker could gain escalated privileges, obtain sensitive\ninformation, or replace an arbitrary downloaded file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nAll users of the Mozilla Firefox binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nAll users of the Mozilla Thunderbird binary package should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nAll Mozilla SeaMonkey users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-2.14-r1\"\n\nAll users of the Mozilla SeaMonkey binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/seamonkey-bin-2.14\"\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.14\"\n\nThe \"www-client/mozilla-firefox\" package has been merged into the\n\"www-client/firefox\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox\" and then emerge the latest\n\"www-client/firefox\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-10.0.11\"\n\nThe \"www-client/mozilla-firefox-bin\" package has been merged into the\n\"www-client/firefox-bin\" package. To upgrade, please unmerge\n\"www-client/mozilla-firefox-bin\" and then emerge the latest\n\"www-client/firefox-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"www-client/mozilla-firefox-bin\"\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-10.0.11\"=\n\n\nThe \"mail-client/mozilla-thunderbird\" package has been merged into the\n\"mail-client/thunderbird\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird\" and then emerge the latest\n\"mail-client/thunderbird\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-10.0.11\"\n\nThe \"mail-client/mozilla-thunderbird-bin\" package has been merged into\nthe \"mail-client/thunderbird-bin\" package. To upgrade, please unmerge\n\"mail-client/mozilla-thunderbird-bin\" and then emerge the latest\n\"mail-client/thunderbird-bin\" package:\n\n # emerge --sync\n # emerge --unmerge \"mail-client/mozilla-thunderbird-bin\"\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-10.0.11\"\n\nGentoo discontinued support for GNU IceCat. We recommend that users\nunmerge GNU IceCat:\n\n # emerge --unmerge \"www-client/icecat\"\n\nGentoo discontinued support for XULRunner. We recommend that users\nunmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner\"\n\nGentoo discontinued support for the XULRunner binary package. We\nrecommend that users unmerge XULRunner:\n\n # emerge --unmerge \"net-libs/xulrunner-bin\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-3101\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101\n[ 2 ] CVE-2007-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436\n[ 3 ] CVE-2007-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437\n[ 4 ] CVE-2007-2671\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671\n[ 5 ] CVE-2007-3073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073\n[ 6 ] CVE-2008-0016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016\n[ 7 ] CVE-2008-0017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017\n[ 8 ] CVE-2008-0367\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367\n[ 9 ] CVE-2008-3835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835\n[ 10 ] CVE-2008-3836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836\n[ 11 ] CVE-2008-3837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837\n[ 12 ] CVE-2008-4058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058\n[ 13 ] CVE-2008-4059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059\n[ 14 ] CVE-2008-4060\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060\n[ 15 ] CVE-2008-4061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061\n[ 16 ] CVE-2008-4062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062\n[ 17 ] CVE-2008-4063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063\n[ 18 ] CVE-2008-4064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064\n[ 19 ] CVE-2008-4065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065\n[ 20 ] CVE-2008-4066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066\n[ 21 ] CVE-2008-4067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067\n[ 22 ] CVE-2008-4068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068\n[ 23 ] CVE-2008-4069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069\n[ 24 ] CVE-2008-4070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070\n[ 25 ] CVE-2008-4582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582\n[ 26 ] CVE-2008-5012\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012\n[ 27 ] CVE-2008-5013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013\n[ 28 ] CVE-2008-5014\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014\n[ 29 ] CVE-2008-5015\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015\n[ 30 ] CVE-2008-5016\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016\n[ 31 ] CVE-2008-5017\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017\n[ 32 ] CVE-2008-5018\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018\n[ 33 ] CVE-2008-5019\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019\n[ 34 ] CVE-2008-5021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021\n[ 35 ] CVE-2008-5022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022\n[ 36 ] CVE-2008-5023\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023\n[ 37 ] CVE-2008-5024\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024\n[ 38 ] CVE-2008-5052\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052\n[ 39 ] CVE-2008-5500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500\n[ 40 ] CVE-2008-5501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501\n[ 41 ] CVE-2008-5502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502\n[ 42 ] CVE-2008-5503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503\n[ 43 ] CVE-2008-5504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504\n[ 44 ] CVE-2008-5505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505\n[ 45 ] CVE-2008-5506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506\n[ 46 ] CVE-2008-5507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507\n[ 47 ] CVE-2008-5508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508\n[ 48 ] CVE-2008-5510\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510\n[ 49 ] CVE-2008-5511\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511\n[ 50 ] CVE-2008-5512\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512\n[ 51 ] CVE-2008-5513\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513\n[ 52 ] CVE-2008-5822\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822\n[ 53 ] CVE-2008-5913\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913\n[ 54 ] CVE-2008-6961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961\n[ 55 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 56 ] CVE-2009-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071\n[ 57 ] CVE-2009-0352\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352\n[ 58 ] CVE-2009-0353\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353\n[ 59 ] CVE-2009-0354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354\n[ 60 ] CVE-2009-0355\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355\n[ 61 ] CVE-2009-0356\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356\n[ 62 ] CVE-2009-0357\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357\n[ 63 ] CVE-2009-0358\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358\n[ 64 ] CVE-2009-0652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652\n[ 65 ] CVE-2009-0771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771\n[ 66 ] CVE-2009-0772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772\n[ 67 ] CVE-2009-0773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773\n[ 68 ] CVE-2009-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774\n[ 69 ] CVE-2009-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775\n[ 70 ] CVE-2009-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776\n[ 71 ] CVE-2009-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777\n[ 72 ] CVE-2009-1044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044\n[ 73 ] CVE-2009-1169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169\n[ 74 ] CVE-2009-1302\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302\n[ 75 ] CVE-2009-1303\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303\n[ 76 ] CVE-2009-1304\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304\n[ 77 ] CVE-2009-1305\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305\n[ 78 ] CVE-2009-1306\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306\n[ 79 ] CVE-2009-1307\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307\n[ 80 ] CVE-2009-1308\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308\n[ 81 ] CVE-2009-1309\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309\n[ 82 ] CVE-2009-1310\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310\n[ 83 ] CVE-2009-1311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311\n[ 84 ] CVE-2009-1312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312\n[ 85 ] CVE-2009-1313\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313\n[ 86 ] CVE-2009-1392\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392\n[ 87 ] CVE-2009-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563\n[ 88 ] CVE-2009-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571\n[ 89 ] CVE-2009-1828\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828\n[ 90 ] CVE-2009-1832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832\n[ 91 ] CVE-2009-1833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833\n[ 92 ] CVE-2009-1834\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834\n[ 93 ] CVE-2009-1835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835\n[ 94 ] CVE-2009-1836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836\n[ 95 ] CVE-2009-1837\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837\n[ 96 ] CVE-2009-1838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838\n[ 97 ] CVE-2009-1839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839\n[ 98 ] CVE-2009-1840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840\n[ 99 ] CVE-2009-1841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841\n[ 100 ] CVE-2009-2043\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043\n[ 101 ] CVE-2009-2044\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044\n[ 102 ] CVE-2009-2061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061\n[ 103 ] CVE-2009-2065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065\n[ 104 ] CVE-2009-2210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210\n[ 105 ] CVE-2009-2404\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404\n[ 106 ] CVE-2009-2408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408\n[ 107 ] CVE-2009-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462\n[ 108 ] CVE-2009-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463\n[ 109 ] CVE-2009-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464\n[ 110 ] CVE-2009-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465\n[ 111 ] CVE-2009-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466\n[ 112 ] CVE-2009-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467\n[ 113 ] CVE-2009-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469\n[ 114 ] CVE-2009-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470\n[ 115 ] CVE-2009-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471\n[ 116 ] CVE-2009-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472\n[ 117 ] CVE-2009-2477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477\n[ 118 ] CVE-2009-2478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478\n[ 119 ] CVE-2009-2479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479\n[ 120 ] CVE-2009-2535\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535\n[ 121 ] CVE-2009-2654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654\n[ 122 ] CVE-2009-2662\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662\n[ 123 ] CVE-2009-2664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664\n[ 124 ] CVE-2009-2665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665\n[ 125 ] CVE-2009-3069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069\n[ 126 ] CVE-2009-3070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070\n[ 127 ] CVE-2009-3071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071\n[ 128 ] CVE-2009-3072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072\n[ 129 ] CVE-2009-3074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074\n[ 130 ] CVE-2009-3075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075\n[ 131 ] CVE-2009-3076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076\n[ 132 ] CVE-2009-3077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077\n[ 133 ] CVE-2009-3078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078\n[ 134 ] CVE-2009-3079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079\n[ 135 ] CVE-2009-3274\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274\n[ 136 ] CVE-2009-3371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371\n[ 137 ] CVE-2009-3372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372\n[ 138 ] CVE-2009-3373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373\n[ 139 ] CVE-2009-3374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374\n[ 140 ] CVE-2009-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375\n[ 141 ] CVE-2009-3376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376\n[ 142 ] CVE-2009-3377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377\n[ 143 ] CVE-2009-3378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378\n[ 144 ] CVE-2009-3379\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379\n[ 145 ] CVE-2009-3380\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380\n[ 146 ] CVE-2009-3381\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381\n[ 147 ] CVE-2009-3382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382\n[ 148 ] CVE-2009-3383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383\n[ 149 ] CVE-2009-3388\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388\n[ 150 ] CVE-2009-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389\n[ 151 ] CVE-2009-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555\n[ 152 ] CVE-2009-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978\n[ 153 ] CVE-2009-3979\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979\n[ 154 ] CVE-2009-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980\n[ 155 ] CVE-2009-3981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981\n[ 156 ] CVE-2009-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982\n[ 157 ] CVE-2009-3983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983\n[ 158 ] CVE-2009-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984\n[ 159 ] CVE-2009-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985\n[ 160 ] CVE-2009-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986\n[ 161 ] CVE-2009-3987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987\n[ 162 ] CVE-2009-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988\n[ 163 ] CVE-2010-0159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159\n[ 164 ] CVE-2010-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160\n[ 165 ] CVE-2010-0162\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162\n[ 166 ] CVE-2010-0163\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163\n[ 167 ] CVE-2010-0164\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164\n[ 168 ] CVE-2010-0165\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165\n[ 169 ] CVE-2010-0166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166\n[ 170 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 171 ] CVE-2010-0167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167\n[ 172 ] CVE-2010-0168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168\n[ 173 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 174 ] CVE-2010-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169\n[ 175 ] CVE-2010-0170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170\n[ 176 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 177 ] CVE-2010-0171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171\n[ 178 ] CVE-2010-0172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172\n[ 179 ] CVE-2010-0173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173\n[ 180 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 181 ] CVE-2010-0174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174\n[ 182 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 183 ] CVE-2010-0175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175\n[ 184 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 185 ] CVE-2010-0176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176\n[ 186 ] CVE-2010-0177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177\n[ 187 ] CVE-2010-0178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178\n[ 188 ] CVE-2010-0179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179\n[ 189 ] CVE-2010-0181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181\n[ 190 ] CVE-2010-0182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182\n[ 191 ] CVE-2010-0183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183\n[ 192 ] CVE-2010-0220\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220\n[ 193 ] CVE-2010-0648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648\n[ 194 ] CVE-2010-0654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654\n[ 195 ] CVE-2010-1028\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028\n[ 196 ] CVE-2010-1121\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121\n[ 197 ] CVE-2010-1125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125\n[ 198 ] CVE-2010-1196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196\n[ 199 ] CVE-2010-1197\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197\n[ 200 ] CVE-2010-1198\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198\n[ 201 ] CVE-2010-1199\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199\n[ 202 ] CVE-2010-1200\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200\n[ 203 ] CVE-2010-1201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201\n[ 204 ] CVE-2010-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202\n[ 205 ] CVE-2010-1203\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203\n[ 206 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 207 ] CVE-2010-1206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206\n[ 208 ] CVE-2010-1207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207\n[ 209 ] CVE-2010-1208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208\n[ 210 ] CVE-2010-1209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209\n[ 211 ] CVE-2010-1210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210\n[ 212 ] CVE-2010-1211\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211\n[ 213 ] CVE-2010-1212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212\n[ 214 ] CVE-2010-1213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213\n[ 215 ] CVE-2010-1214\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214\n[ 216 ] CVE-2010-1215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215\n[ 217 ] CVE-2010-1585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585\n[ 218 ] CVE-2010-2751\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751\n[ 219 ] CVE-2010-2752\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752\n[ 220 ] CVE-2010-2753\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753\n[ 221 ] CVE-2010-2754\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754\n[ 222 ] CVE-2010-2755\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755\n[ 223 ] CVE-2010-2760\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760\n[ 224 ] CVE-2010-2762\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762\n[ 225 ] CVE-2010-2763\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763\n[ 226 ] CVE-2010-2764\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764\n[ 227 ] CVE-2010-2765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765\n[ 228 ] CVE-2010-2766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766\n[ 229 ] CVE-2010-2767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767\n[ 230 ] CVE-2010-2768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768\n[ 231 ] CVE-2010-2769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769\n[ 232 ] CVE-2010-2770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770\n[ 233 ] CVE-2010-3131\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131\n[ 234 ] CVE-2010-3166\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166\n[ 235 ] CVE-2010-3167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167\n[ 236 ] CVE-2010-3168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168\n[ 237 ] CVE-2010-3169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169\n[ 238 ] CVE-2010-3170\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170\n[ 239 ] CVE-2010-3171\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171\n[ 240 ] CVE-2010-3173\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173\n[ 241 ] CVE-2010-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174\n[ 242 ] CVE-2010-3175\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175\n[ 243 ] CVE-2010-3176\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176\n[ 244 ] CVE-2010-3177\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177\n[ 245 ] CVE-2010-3178\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178\n[ 246 ] CVE-2010-3179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179\n[ 247 ] CVE-2010-3180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180\n[ 248 ] CVE-2010-3182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182\n[ 249 ] CVE-2010-3183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183\n[ 250 ] CVE-2010-3399\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399\n[ 251 ] CVE-2010-3400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400\n[ 252 ] CVE-2010-3765\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765\n[ 253 ] CVE-2010-3766\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766\n[ 254 ] CVE-2010-3767\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767\n[ 255 ] CVE-2010-3768\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768\n[ 256 ] CVE-2010-3769\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769\n[ 257 ] CVE-2010-3770\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770\n[ 258 ] CVE-2010-3771\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771\n[ 259 ] CVE-2010-3772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772\n[ 260 ] CVE-2010-3773\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773\n[ 261 ] CVE-2010-3774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774\n[ 262 ] CVE-2010-3775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775\n[ 263 ] CVE-2010-3776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776\n[ 264 ] CVE-2010-3777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777\n[ 265 ] CVE-2010-3778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778\n[ 266 ] CVE-2010-4508\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508\n[ 267 ] CVE-2010-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074\n[ 268 ] CVE-2011-0051\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051\n[ 269 ] CVE-2011-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053\n[ 270 ] CVE-2011-0054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054\n[ 271 ] CVE-2011-0055\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055\n[ 272 ] CVE-2011-0056\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056\n[ 273 ] CVE-2011-0057\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057\n[ 274 ] CVE-2011-0058\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058\n[ 275 ] CVE-2011-0059\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059\n[ 276 ] CVE-2011-0061\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061\n[ 277 ] CVE-2011-0062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062\n[ 278 ] CVE-2011-0065\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065\n[ 279 ] CVE-2011-0066\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066\n[ 280 ] CVE-2011-0067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067\n[ 281 ] CVE-2011-0068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068\n[ 282 ] CVE-2011-0069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069\n[ 283 ] CVE-2011-0070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070\n[ 284 ] CVE-2011-0071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071\n[ 285 ] CVE-2011-0072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072\n[ 286 ] CVE-2011-0073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073\n[ 287 ] CVE-2011-0074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074\n[ 288 ] CVE-2011-0075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075\n[ 289 ] CVE-2011-0076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076\n[ 290 ] CVE-2011-0077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077\n[ 291 ] CVE-2011-0078\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078\n[ 292 ] CVE-2011-0079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079\n[ 293 ] CVE-2011-0080\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080\n[ 294 ] CVE-2011-0081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081\n[ 295 ] CVE-2011-0082\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082\n[ 296 ] CVE-2011-0083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083\n[ 297 ] CVE-2011-0084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084\n[ 298 ] CVE-2011-0085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085\n[ 299 ] CVE-2011-1187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187\n[ 300 ] CVE-2011-1202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202\n[ 301 ] CVE-2011-1712\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712\n[ 302 ] CVE-2011-2362\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362\n[ 303 ] CVE-2011-2363\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363\n[ 304 ] CVE-2011-2364\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364\n[ 305 ] CVE-2011-2365\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365\n[ 306 ] CVE-2011-2369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369\n[ 307 ] CVE-2011-2370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370\n[ 308 ] CVE-2011-2371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371\n[ 309 ] CVE-2011-2372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372\n[ 310 ] CVE-2011-2373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373\n[ 311 ] CVE-2011-2374\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374\n[ 312 ] CVE-2011-2375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375\n[ 313 ] CVE-2011-2376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376\n[ 314 ] CVE-2011-2377\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377\n[ 315 ] CVE-2011-2378\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378\n[ 316 ] CVE-2011-2605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605\n[ 317 ] CVE-2011-2980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980\n[ 318 ] CVE-2011-2981\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981\n[ 319 ] CVE-2011-2982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982\n[ 320 ] CVE-2011-2983\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983\n[ 321 ] CVE-2011-2984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984\n[ 322 ] CVE-2011-2985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985\n[ 323 ] CVE-2011-2986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986\n[ 324 ] CVE-2011-2987\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987\n[ 325 ] CVE-2011-2988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988\n[ 326 ] CVE-2011-2989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989\n[ 327 ] CVE-2011-2990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990\n[ 328 ] CVE-2011-2991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991\n[ 329 ] CVE-2011-2993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993\n[ 330 ] CVE-2011-2995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995\n[ 331 ] CVE-2011-2996\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996\n[ 332 ] CVE-2011-2997\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997\n[ 333 ] CVE-2011-2998\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998\n[ 334 ] CVE-2011-2999\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999\n[ 335 ] CVE-2011-3000\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000\n[ 336 ] CVE-2011-3001\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001\n[ 337 ] CVE-2011-3002\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002\n[ 338 ] CVE-2011-3003\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003\n[ 339 ] CVE-2011-3004\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004\n[ 340 ] CVE-2011-3005\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005\n[ 341 ] CVE-2011-3026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026\n[ 342 ] CVE-2011-3062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062\n[ 343 ] CVE-2011-3232\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232\n[ 344 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 345 ] CVE-2011-3640\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640\n[ 346 ] CVE-2011-3647\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647\n[ 347 ] CVE-2011-3648\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648\n[ 348 ] CVE-2011-3649\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649\n[ 349 ] CVE-2011-3650\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650\n[ 350 ] CVE-2011-3651\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651\n[ 351 ] CVE-2011-3652\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652\n[ 352 ] CVE-2011-3653\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653\n[ 353 ] CVE-2011-3654\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654\n[ 354 ] CVE-2011-3655\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655\n[ 355 ] CVE-2011-3658\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658\n[ 356 ] CVE-2011-3659\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659\n[ 357 ] CVE-2011-3660\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660\n[ 358 ] CVE-2011-3661\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661\n[ 359 ] CVE-2011-3663\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663\n[ 360 ] CVE-2011-3665\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665\n[ 361 ] CVE-2011-3670\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670\n[ 362 ] CVE-2011-3866\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866\n[ 363 ] CVE-2011-4688\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688\n[ 364 ] CVE-2012-0441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441\n[ 365 ] CVE-2012-0442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442\n[ 366 ] CVE-2012-0443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443\n[ 367 ] CVE-2012-0444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444\n[ 368 ] CVE-2012-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445\n[ 369 ] CVE-2012-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446\n[ 370 ] CVE-2012-0447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447\n[ 371 ] CVE-2012-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449\n[ 372 ] CVE-2012-0450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450\n[ 373 ] CVE-2012-0451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451\n[ 374 ] CVE-2012-0452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452\n[ 375 ] CVE-2012-0455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455\n[ 376 ] CVE-2012-0456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456\n[ 377 ] CVE-2012-0457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457\n[ 378 ] CVE-2012-0458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458\n[ 379 ] CVE-2012-0459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459\n[ 380 ] CVE-2012-0460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460\n[ 381 ] CVE-2012-0461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461\n[ 382 ] CVE-2012-0462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462\n[ 383 ] CVE-2012-0463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463\n[ 384 ] CVE-2012-0464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464\n[ 385 ] CVE-2012-0467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467\n[ 386 ] CVE-2012-0468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468\n[ 387 ] CVE-2012-0469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469\n[ 388 ] CVE-2012-0470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470\n[ 389 ] CVE-2012-0471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471\n[ 390 ] CVE-2012-0473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473\n[ 391 ] CVE-2012-0474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474\n[ 392 ] CVE-2012-0475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475\n[ 393 ] CVE-2012-0477\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477\n[ 394 ] CVE-2012-0478\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478\n[ 395 ] CVE-2012-0479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479\n[ 396 ] CVE-2012-1937\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937\n[ 397 ] CVE-2012-1938\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938\n[ 398 ] CVE-2012-1939\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939\n[ 399 ] CVE-2012-1940\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940\n[ 400 ] CVE-2012-1941\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941\n[ 401 ] CVE-2012-1945\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945\n[ 402 ] CVE-2012-1946\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946\n[ 403 ] CVE-2012-1947\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947\n[ 404 ] CVE-2012-1948\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948\n[ 405 ] CVE-2012-1949\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949\n[ 406 ] CVE-2012-1950\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950\n[ 407 ] CVE-2012-1951\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951\n[ 408 ] CVE-2012-1952\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952\n[ 409 ] CVE-2012-1953\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953\n[ 410 ] CVE-2012-1954\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954\n[ 411 ] CVE-2012-1955\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955\n[ 412 ] CVE-2012-1956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956\n[ 413 ] CVE-2012-1957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957\n[ 414 ] CVE-2012-1958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958\n[ 415 ] CVE-2012-1959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959\n[ 416 ] CVE-2012-1960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960\n[ 417 ] CVE-2012-1961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961\n[ 418 ] CVE-2012-1962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962\n[ 419 ] CVE-2012-1963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963\n[ 420 ] CVE-2012-1964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964\n[ 421 ] CVE-2012-1965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965\n[ 422 ] CVE-2012-1966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966\n[ 423 ] CVE-2012-1967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967\n[ 424 ] CVE-2012-1970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970\n[ 425 ] CVE-2012-1971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971\n[ 426 ] CVE-2012-1972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972\n[ 427 ] CVE-2012-1973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973\n[ 428 ] CVE-2012-1974\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974\n[ 429 ] CVE-2012-1975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975\n[ 430 ] CVE-2012-1976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976\n[ 431 ] CVE-2012-1994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994\n[ 432 ] CVE-2012-3956\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956\n[ 433 ] CVE-2012-3957\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957\n[ 434 ] CVE-2012-3958\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958\n[ 435 ] CVE-2012-3959\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959\n[ 436 ] CVE-2012-3960\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960\n[ 437 ] CVE-2012-3961\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961\n[ 438 ] CVE-2012-3962\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962\n[ 439 ] CVE-2012-3963\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963\n[ 440 ] CVE-2012-3964\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964\n[ 441 ] CVE-2012-3965\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965\n[ 442 ] CVE-2012-3966\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966\n[ 443 ] CVE-2012-3967\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967\n[ 444 ] CVE-2012-3968\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968\n[ 445 ] CVE-2012-3969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969\n[ 446 ] CVE-2012-3970\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970\n[ 447 ] CVE-2012-3971\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971\n[ 448 ] CVE-2012-3972\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972\n[ 449 ] CVE-2012-3973\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973\n[ 450 ] CVE-2012-3975\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975\n[ 451 ] CVE-2012-3976\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976\n[ 452 ] CVE-2012-3977\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977\n[ 453 ] CVE-2012-3978\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978\n[ 454 ] CVE-2012-3980\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980\n[ 455 ] CVE-2012-3982\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982\n[ 456 ] CVE-2012-3984\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984\n[ 457 ] CVE-2012-3985\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985\n[ 458 ] CVE-2012-3986\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986\n[ 459 ] CVE-2012-3988\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988\n[ 460 ] CVE-2012-3989\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989\n[ 461 ] CVE-2012-3990\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990\n[ 462 ] CVE-2012-3991\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991\n[ 463 ] CVE-2012-3992\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992\n[ 464 ] CVE-2012-3993\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993\n[ 465 ] CVE-2012-3994\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994\n[ 466 ] CVE-2012-3995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995\n[ 467 ] CVE-2012-4179\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179\n[ 468 ] CVE-2012-4180\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180\n[ 469 ] CVE-2012-4181\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181\n[ 470 ] CVE-2012-4182\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182\n[ 471 ] CVE-2012-4183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183\n[ 472 ] CVE-2012-4184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184\n[ 473 ] CVE-2012-4185\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185\n[ 474 ] CVE-2012-4186\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186\n[ 475 ] CVE-2012-4187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187\n[ 476 ] CVE-2012-4188\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188\n[ 477 ] CVE-2012-4190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190\n[ 478 ] CVE-2012-4191\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191\n[ 479 ] CVE-2012-4192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192\n[ 480 ] CVE-2012-4193\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193\n[ 481 ] CVE-2012-4194\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194\n[ 482 ] CVE-2012-4195\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195\n[ 483 ] CVE-2012-4196\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196\n[ 484 ] CVE-2012-4201\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201\n[ 485 ] CVE-2012-4202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202\n[ 486 ] CVE-2012-4204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204\n[ 487 ] CVE-2012-4205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205\n[ 488 ] CVE-2012-4206\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206\n[ 489 ] CVE-2012-4207\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207\n[ 490 ] CVE-2012-4208\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208\n[ 491 ] CVE-2012-4209\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209\n[ 492 ] CVE-2012-4210\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210\n[ 493 ] CVE-2012-4212\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212\n[ 494 ] CVE-2012-4215\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215\n[ 495 ] CVE-2012-4216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216\n[ 496 ] CVE-2012-5354\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354\n[ 497 ] CVE-2012-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829\n[ 498 ] CVE-2012-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830\n[ 499 ] CVE-2012-5833\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833\n[ 500 ] CVE-2012-5835\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835\n[ 501 ] CVE-2012-5836\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836\n[ 502 ] CVE-2012-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838\n[ 503 ] CVE-2012-5839\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839\n[ 504 ] CVE-2012-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840\n[ 505 ] CVE-2012-5841\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841\n[ 506 ] CVE-2012-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842\n[ 507 ] CVE-2012-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843\n[ 508 ] Firefox Blocking Fraudulent Certificates\n\nhttp://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=\nertificates/\n[ 509 ] Mozilla Foundation Security Advisory 2011-11\n http://www.mozilla.org/security/announce/2011/mfsa2011-11.html\n[ 510 ] Mozilla Foundation Security Advisory 2011-34\n http://www.mozilla.org/security/announce/2011/mfsa2011-34.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201301-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-927-6 July 23, 2010\nnss vulnerability\nCVE-2009-3555\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 9.04:\n libnss3-1d 3.12.6-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart your session to effect\nthe necessary changes. \n\nDetails follow:\n\nUSN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the\ncorresponding updates for Ubuntu 9.04. \n\nOriginal advisory details:\n\n Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user\u0027s session. This update adds support for the new\n new renegotiation extension and will use it when the server supports it. \n\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz\n Size/MD5: 36776 09e94267337a3318b4955b7a830f5244\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc\n Size/MD5: 1651 a682fa17ab7385f06eae108e3b8eeb76\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz\n Size/MD5: 5947630 da42596665f226de5eb3ecfc1ec57cd1\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 3355322 1901b0a2e9022baccca540cb776da507\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 1230706 a5be600c34d6c62f3c7c7d9fe8fe6807\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 263110 37bf5e46dc372000a1932336ded61143\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 17788 cb888df2baa2d06cf98091f1bd033496\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb\n Size/MD5: 318718 77e6de51c2beebe6a2570e1f70069d91\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 3181812 ab6888c9709c1101e0f07bda925ea76b\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 1112446 64e165966e297b247e220aa017851248\n http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 260434 6dc65e066be54da5a4ad7e784c37fa49\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 17790 6a4afb594384085b41502911476f9d27\n http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb\n Size/MD5: 301968 a5f1eb30b4dd64bbac568873ad700887\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 3220356 1bed6847d860f8dd0a845062cf227322\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 1085226 c5e07d7711f257888071d97ff551f42e\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 259084 d6424f00ee83eaf9abb433768edb37c2\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 17788 217da64905b090392eb4acfa43d282c2\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb\n Size/MD5: 297772 7f223b5673372154a73cf84c9ed6bfda\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 3330434 d4c4fe0a437c5f2dd20b81df2cf936b5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 1202898 b27bda4a282c5b46733dcc21519cc4b6\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 262126 bb796b31d740e38581a37003a89c18a5\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 17794 0109fab35491b7f7f6e8d9649acbd728\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb\n Size/MD5: 323344 8e6f667e0df078a4b68d72acddfc3326\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 2988064 97a10a1098bc541808ead09dcb1711c5\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 1074248 4de13c4f7e970d56fa65e6f0e472f320\n http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 257214 d1ee26bd6f9e26f93f8b8af403d41b1a\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 17794 2f08b7d40b6069754762083051c03f27\n http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb\n Size/MD5: 303452 b1dc3dbcbf441a81ef5005e72ad60620\n\n\n\n-- \nJamie Strandboge | http://www.canonical.com\n. This\nupdate addresses these protocol vulnerabilities in lighttpd. \n\nCVE-2009-3555\n\n Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS\n and SSLv3 protocols do not properly associate renegotiation\n handshakes with an existing connection, which allows man-in-the-middle\n attackers to insert data into HTTPS sessions. This issue is solved\n in lighttpd by disabling client initiated renegotiation by default. \n \n Those users that do actually need such renegotiations, can reenable\n them via the new \u0027ssl.disable-client-renegotiation\u0027 parameter. \n\nCVE-2012-4929\n\n Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL\n protocol when using compression. This side channel attack, dubbed\n \u0027CRIME\u0027, allows eavesdroppers to gather information to recover the\n original plaintext in the protocol. This update disables compression. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.2. \n\nFor the testing distribution (wheezy), and the unstable distribution (sid)\nthese problems have been fixed in version 1.4.30-1. \n\nWe recommend that you upgrade your lighttpd packages. \nCorrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE)\n 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)\n 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE)\n 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)\n 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)\nCVE Name: CVE-2009-4146, CVE-2009-4147\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nI. Background\n\nThe run-time link-editor, rtld, links dynamic executable with their\nneeded libraries at run-time. It also allows users to explicitly\nload libraries via various LD_ environmental variables. \n\nII. Problem Description\n\nWhen running setuid programs rtld will normally remove potentially\ndangerous environment variables. Due to recent changes in FreeBSD\nenvironment variable handling code, a corrupt environment may\nresult in attempts to unset environment variables failing. \n\nIII. Impact\n\nAn unprivileged user who can execute programs on a system can gain\nthe privileges of any setuid program which he can run. On most\nsystems configurations, this will allow a local attacker to execute\ncode as the root user. \n\nIV. Workaround\n\nNo workaround is available, but systems without untrusted local users,\nwhere all the untrusted local users are jailed superusers, and/or where\nuntrusted users cannot execute arbitrary code (e.g., due to use of read\nonly and noexec mount options) are not affected. \n\nNote that \"untrusted local users\" include users with the ability to\nupload and execute web scripts (CGI, PHP, Python, Perl etc.), as they\nmay be able to exploit this issue. \n\nV. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,\nor to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated\nafter the correction date. \n\n2) To patch your present system:\n\nThe following patches have been verified to apply to FreeBSD 7.1, 7.2,\nand 8.0 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc\n\n[FreeBSD 8.0]\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/libexec/rtld-elf\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On\namd64 systems where the i386 rtld are installed, the operating system\nshould instead be recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- -------------------------------------------------------------------------\nRELENG_7\n src/libexec/rtld-elf/rtld.c 1.124.2.7\nRELENG_7_2\n src/UPDATING 1.507.2.23.2.8\n src/sys/conf/newvers.sh 1.72.2.11.2.9\n src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2\nRELENG_7_1\n src/UPDATING 1.507.2.13.2.12\n src/sys/conf/newvers.sh 1.72.2.9.2.13\n src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2\nRELENG_8\n src/libexec/rtld-elf/rtld.c 1.139.2.4\nRELENG_8_0\n src/UPDATING 1.632.2.7.2.4\n src/sys/conf/newvers.sh 1.83.2.6.2.4\n src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/7/ r199981\nreleng/7.2/ r200054\nreleng/7.1/ r200054\nstable/8/ r199980\nreleng/8.0/ r200054\n- -------------------------------------------------------------------------\n\nVII. \nHP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01945686\nVersion: 1\n\nHPSBUX02482 SSRT090249 rev.1 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of\n\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-11-25\nLast Updated: 2009-11-25\n\nPotential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited\n\nremotely to inject unauthorized data or to create a Denial of Service (DoS). \n\nReferences: CVE-2009-3555\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided upgrades to resolve this vulnerability. \nThe upgrades are available from the following location. \n\nHOST\n ACCOUNT\n PASSWORD\n\nftp.usa.hp.com\n sb02482\n Secure12\n\nHP-UX Release\n Depot name\n SHA-1 Hash\n\nB.11.11 PA (32 and 64)\n OpenSSL_A.00.09.08l.001_HP-UX_B.11.11_32+64.depot\n 2efb-e45e-78a7-17d0-11e9-5c10-3753-0585-6fde-36c4\n\nB.11.23 (PA and IA)\n OpenSSL_A.00.09.08l.002_HP-UX_B.11.23_IA-PA.depot\n 2794-2f77-48a4-3316-a8b9-d213-7243-8e1b-7336-95a2\n\nB.11.31 (PA and IA)\n OpenSSL_A.00.09.08l.003_HP-UX_B.11.31_IA-PA.depot\n 7be7-25a2-d3c4-0dce-761d-eba0-2782-8788-3bf8-02ca\n\nNote: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used,\n\napplications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l. \n\nMANUAL ACTIONS: Yes - Update\n\nInstall OpenSSL A.00.09.08l or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\n\nPatch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a\n\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\n\nsee: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\naction: install revision A.00.09.08l.001 or subsequent\n\nHP-UX B.11.23\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-LIB.2\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PRNG.2\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-RUN.2\naction: install revision A.00.09.08l.002 or subsequent\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-LIB.2\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PRNG.2\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-RUN.2\naction: install revision A.00.09.08l.003 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 25 November 2009 Initial release\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAksNs5IACgkQ4B86/C0qfVmJNQCeMd6pno2UZMwhJYB8yaKTw3Ta\nH6EAni+Jh3ebmTxXb0gfH5eefN9xqKO3\n=h0Pb\n-----END PGP SIGNATURE-----\n. \nHP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. \n\nKit Name\n Location\n\nHP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-3555"
},
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "PACKETSTORM",
"id": "101257"
}
],
"trust": 3.24
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=10071",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-41001",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2009-3555",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#120541",
"trust": 2.9
},
{
"db": "HITACHI",
"id": "HS10-030",
"trust": 2.0
},
{
"db": "BID",
"id": "36935",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "38781",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42377",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37501",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39632",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37604",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41972",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "43308",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38241",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37859",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40070",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41818",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42816",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42379",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39317",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38020",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42467",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37320",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37640",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37656",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37383",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42724",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38003",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44183",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42733",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38484",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40545",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40866",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39242",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38056",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39278",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39243",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42808",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37675",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39127",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39461",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39819",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37453",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "40747",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41490",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39628",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "44954",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39500",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "48577",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42811",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37291",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41480",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37292",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37399",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39713",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "38687",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37504",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "39136",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "41967",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023217",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023273",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023274",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023206",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023272",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023427",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023218",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023163",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023214",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023211",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023219",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023216",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024789",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023148",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023213",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023271",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023243",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023209",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023215",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023208",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023411",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023204",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023224",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023210",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023207",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023426",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023428",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023205",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023275",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023270",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1023212",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2745",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3353",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3069",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3354",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3484",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1793",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3310",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0982",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0033",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3220",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-2010",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1639",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1107",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3126",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0916",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3164",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0032",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2011-0086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3313",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0748",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1350",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3521",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0994",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-3086",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1191",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0173",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3587",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0933",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3205",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1054",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-0848",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2010-1673",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3165",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/07/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/23/10",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/05/5",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/20/1",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2009/11/06/3",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "65202",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "62210",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "60521",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "60972",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-222A",
"trust": 1.7
},
{
"db": "USCERT",
"id": "TA10-287A",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.2853",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2561",
"trust": 0.6
},
{
"db": "JUNIPER",
"id": "JSA10939",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-160-01",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "130868",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83271",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "120365",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "83415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "92095",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "89136",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "10071",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "10579",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82657",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90262",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88173",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91309",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106155",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111273",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83414",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88167",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120714",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97489",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131826",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "95279",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137201",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102374",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106156",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "92497",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88621",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "94088",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89667",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88698",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "90286",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86075",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114810",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88224",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123380",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "84181",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67231",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-41001",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-3555",
"trust": 0.1
},
{
"db": "SECUNIA",
"id": "44293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "100761",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89026",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111583",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101257",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "91749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111920",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"id": "VAR-200911-0398",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
}
],
"trust": 0.6623591435714286
},
"last_update_date": "2026-03-09T22:17:46.450000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Security Update for Windows XP (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39675"
},
{
"title": "Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39679"
},
{
"title": "Security Update for Windows Server 2008 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39683"
},
{
"title": "Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39687"
},
{
"title": "Security Update for Windows Server 2003 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39615"
},
{
"title": "Security Update for Windows Vista for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39619"
},
{
"title": "Security Update for Windows 7 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39623"
},
{
"title": "Security Update for Windows Server 2008 R2 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39626"
},
{
"title": "Security Update for Windows Server 2003 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39678"
},
{
"title": "Security Update for Windows Server 2008 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39682"
},
{
"title": "Security Update for Windows 7 for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39686"
},
{
"title": "Security Update for Windows XP x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39614"
},
{
"title": "Security Update for Windows Vista (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39618"
},
{
"title": "Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39622"
},
{
"title": "Security Update for Windows Server 2003 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39677"
},
{
"title": "Security Update for Windows Vista for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39681"
},
{
"title": "Security Update for Windows 7 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39685"
},
{
"title": "Security Update for Windows XP (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39613"
},
{
"title": "Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39617"
},
{
"title": "Security Update for Windows Server 2008 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39621"
},
{
"title": "Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39625"
},
{
"title": "Security Update for Windows XP x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39676"
},
{
"title": "Security Update for Windows Vista (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39680"
},
{
"title": "Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39684"
},
{
"title": "Security Update for Windows Server 2008 R2 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39688"
},
{
"title": "Security Update for Windows Server 2003 x64 Edition (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39616"
},
{
"title": "Security Update for Windows Server 2008 (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39620"
},
{
"title": "Security Update for Windows 7 for x64-based Systems (KB980436)",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=39624"
},
{
"title": "Thunderbird Setup 3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4468"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4472"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4471"
},
{
"title": "thunderbird-3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4470"
},
{
"title": "Thunderbird 3.1",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4469"
},
{
"title": "FirefoxChinaEdition 2010.7",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=4473"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100167 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd and httpd22 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100011 - Security Advisory"
},
{
"title": "Red Hat: Moderate: java-1.4.2-ibm security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100155 - Security Advisory"
},
{
"title": "Red Hat: Moderate: openssl097a security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100164 - Security Advisory"
},
{
"title": "Red Hat: Moderate: nss security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100165 - Security Advisory"
},
{
"title": "Red Hat: Moderate: gnutls security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100166 - Security Advisory"
},
{
"title": "Red Hat: Important: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100162 - Security Advisory"
},
{
"title": "Red Hat: Moderate: openssl security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100163 - Security Advisory"
},
{
"title": "Red Hat: Low: JBoss Enterprise Web Server 1.0.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100119 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-6"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-990-2"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-1"
},
{
"title": "Ubuntu Security Notice: openssl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-990-1"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-927-4"
},
{
"title": "Cisco: Transport Layer Security Renegotiation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20091109-tls"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-860-1"
},
{
"title": "Red Hat: Moderate: java-1.5.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100130 - Security Advisory"
},
{
"title": "Cisco: Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=Cisco-SA-20091105-CVE-2009-3555"
},
{
"title": "Debian CVElist Bug Report Logs: \"slowloris\" denial-of-service vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=5ed45f95901af77f1f752912d098b48e"
},
{
"title": "Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1c00cc4c6dbe7bb057db61e10ff97d6d"
},
{
"title": "Debian Security Advisories: DSA-2626-1 lighttpd -- several issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=885d01db2c0276e75192acacb224a6e8"
},
{
"title": "Debian CVElist Bug Report Logs: Not possible to disable SSLv3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cd46735759deed658e1e15bd89794f91"
},
{
"title": "Debian Security Advisories: DSA-1934-1 apache2 -- multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=a5a134c3483f034e2df5ced5ad7428ec"
},
{
"title": "Debian Security Advisories: DSA-3253-1 pound -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ad76a2fc91623114f1aaa478b7ecbe12"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2013-4623: Denial of Service through Certificate message during handshake",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=48a9651e9438ab2ad49c32956a8040ab"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2010-22",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2010-22"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2013-5914 CVE-2013-5915",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=3ea56f82629f8bb9aeeedb7aa86eb416"
},
{
"title": "Symantec Security Advisories: SA44 : TLS/SSLv3 renegotiation (CVE-2009-3555)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=92adf6d8db72928bb63961cc8473a936"
},
{
"title": "Red Hat: Critical: java-1.4.2-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100786 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: polarssl: CVE-2009-3555",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=d154eb6a1f821c737dadd179519e99ce"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100339 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.6.0-openjdk security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100768 - Security Advisory"
},
{
"title": "Citrix Security Bulletins: Transport Layer Security Renegotiation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=d26786915d99808385e93927bb7516fd"
},
{
"title": "Citrix Security Bulletins: Vulnerability in Citrix Online Plug-ins and ICA Clients Could Result in SSL/TLS Certificate Spoofing",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=8a0ec21ac35be2b30e769ff0af90fa26"
},
{
"title": "Red Hat: Critical: java-1.5.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100338 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100337 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091694 - Security Advisory"
},
{
"title": "Red Hat: Critical: java-1.6.0-sun security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100770 - Security Advisory"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d7005a2e6744b7e4f77d0105454de35d"
},
{
"title": "Ubuntu Security Notice: openjdk-6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-923-1"
},
{
"title": "VMware Security Advisories: VMware ESX third party updates for Service Console",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=d8e6425b0cb8b545dc1e50945dafb2c0"
},
{
"title": "Ubuntu Security Notice: openjdk-6, openjdk-6b18 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1010-1"
},
{
"title": "Symantec Security Advisories: SA50 : Multiple SSL/TLS vulnerabilities in Reporter",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=1e934b8269c86666c1ebc108ca0e3d35"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "VMware Security Advisories: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=ea953b0a91a1816979ec1d304d5e3d93"
},
{
"title": "DPSSLClientProfile",
"trust": 0.1,
"url": "https://github.com/ADesprets/DPSSLClientProfile "
},
{
"title": "letsencrypt-lighttpd",
"trust": 0.1,
"url": "https://github.com/galeone/letsencrypt-lighttpd "
},
{
"title": "igrill-smoker",
"trust": 0.1,
"url": "https://github.com/kins-dev/igrill-smoker "
},
{
"title": "hanase",
"trust": 0.1,
"url": "https://github.com/ekiojp/hanase "
},
{
"title": "CVE-HOWTO",
"trust": 0.1,
"url": "https://github.com/RedHatProductSecurity/CVE-HOWTO "
},
{
"title": "pulse-secure-vpn-mitm-research",
"trust": 0.1,
"url": "https://github.com/withdk/pulse-secure-vpn-mitm-research "
},
{
"title": "pulse-secure-vpn-mitm-research",
"trust": 0.1,
"url": "https://github.com/withdk/pulse-secure-mitm-research "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.8,
"url": "http://extendedsubset.com/?p=8"
},
{
"trust": 2.6,
"url": "http://support.citrix.com/article/ctx123359"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=780"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=786"
},
{
"trust": 2.5,
"url": "http://www.links.org/?p=789"
},
{
"trust": 2.5,
"url": "http://blogs.iss.net/archive/sslmitmiscsrf.html"
},
{
"trust": 2.5,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"
},
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125"
},
{
"trust": 2.5,
"url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"
},
{
"trust": 2.5,
"url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"
},
{
"trust": 2.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/36935"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2009/dsa-1934"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2011/dsa-2141"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2015/dsa-3253"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2010-0019.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2011-0003.html"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"trust": 2.1,
"url": "http://www.kb.cert.org/vuls/id/120541"
},
{
"trust": 2.0,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247"
},
{
"trust": 2.0,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"
},
{
"trust": 2.0,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"
},
{
"trust": 2.0,
"url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100081611"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100114315"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/css/p8/documents/100114327"
},
{
"trust": 2.0,
"url": "http://support.zeus.com/zws/media/docs/4.3/release_notes"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298"
},
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312"
},
{
"trust": 2.0,
"url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt"
},
{
"trust": 2.0,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html"
},
{
"trust": 2.0,
"url": "http://www.ingate.com/relnote.php?ver=481"
},
{
"trust": 2.0,
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"
},
{
"trust": 2.0,
"url": "http://www.openoffice.org/security/cves/cve-2009-3555.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"
},
{
"trust": 2.0,
"url": "http://www.proftpd.org/docs/release_notes-1.3.2c"
},
{
"trust": 2.0,
"url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"
},
{
"trust": 2.0,
"url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"
},
{
"trust": 1.9,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa50"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1023148"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023163"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023204"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023205"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023206"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023207"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023208"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023209"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023210"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023211"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023212"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023213"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023214"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023215"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023216"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023217"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023218"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023219"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023224"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023243"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023270"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023271"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023272"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023273"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023274"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023275"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023411"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023426"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023427"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1023428"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1024789"
},
{
"trust": 1.7,
"url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2009/nov/139"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507952/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508075/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/508130/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37291"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37320"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37383"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37399"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37453"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37501"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37504"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37604"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37640"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37656"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37675"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37859"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38003"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38020"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38056"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38241"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38484"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38687"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/38781"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39127"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39136"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39242"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39243"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39278"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39292"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39317"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39461"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39500"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39628"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39632"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39713"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39819"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40070"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40545"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40747"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/40866"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41480"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41490"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41818"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41967"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/41972"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42377"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42379"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42467"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42724"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42733"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42808"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42811"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/42816"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/43308"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44183"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/44954"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48577"
},
{
"trust": 1.7,
"url": "http://osvdb.org/60521"
},
{
"trust": 1.7,
"url": "http://osvdb.org/60972"
},
{
"trust": 1.7,
"url": "http://osvdb.org/62210"
},
{
"trust": 1.7,
"url": "http://osvdb.org/65202"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3164"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3165"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3205"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3220"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3310"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3313"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3353"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3354"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3484"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3521"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3587"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0086"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0173"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0748"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0848"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0916"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0933"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0982"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/0994"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1054"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1350"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1639"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1673"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/1793"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2010"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/2745"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3069"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3086"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2010/3126"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0032"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0033"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2011/0086"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html"
},
{
"trust": 1.7,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"
},
{
"trust": 1.7,
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041"
},
{
"trust": 1.7,
"url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751"
},
{
"trust": 1.7,
"url": "http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522176"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:076"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:084"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:089"
},
{
"trust": 1.7,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0119.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0130.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0155.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0165.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0167.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0337.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0338.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0339.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0768.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0770.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0786.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0807.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0865.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0986.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0987.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-222a.html"
},
{
"trust": 1.7,
"url": "http://www.us-cert.gov/cas/techalerts/ta10-287a.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-1010-1"
},
{
"trust": 1.7,
"url": "http://ubuntu.com/usn/usn-923-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-1"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-4"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-927-5"
},
{
"trust": 1.7,
"url": "http://openbsd.org/errata45.html#010_openssl"
},
{
"trust": 1.7,
"url": "http://openbsd.org/errata46.html#004_openssl"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/05/5"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/06/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/07/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/1"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/10"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.7,
"url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"
},
{
"trust": 1.7,
"url": "http://clicky.me/tlsvuln"
},
{
"trust": 1.7,
"url": "http://extendedsubset.com/renegotiating_tls.pdf"
},
{
"trust": 1.7,
"url": "http://kbase.redhat.com/faq/docs/doc-20491"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4004"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4170"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht4171"
},
{
"trust": 1.7,
"url": "http://support.avaya.com/css/p8/documents/100070150"
},
{
"trust": 1.7,
"url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"
},
{
"trust": 1.7,
"url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt"
},
{
"trust": 1.7,
"url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/advisories:rpsa-2009-0155"
},
{
"trust": 1.7,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 1.7,
"url": "http://www.betanews.com/article/1257452450"
},
{
"trust": 1.7,
"url": "http://www.openssl.org/news/secadv_20091111.txt"
},
{
"trust": 1.7,
"url": "http://www.opera.com/docs/changelogs/unix/1060/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/support/search/view/944/"
},
{
"trust": 1.7,
"url": "http://www.tombom.co.uk/blog/?p=85"
},
{
"trust": 1.7,
"url": "http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689"
},
{
"trust": 1.7,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755"
},
{
"trust": 1.7,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"
},
{
"trust": 1.6,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pm00675\u0026apar=only"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=130497311408250\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127557596201693\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=cryptography\u0026m=125752275331877\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127419602507642\u0026w=2"
},
{
"trust": 1.6,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.597446"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=132077688910227\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=127128920008563\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=126150535619567\u0026w=2"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.8,
"url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html"
},
{
"trust": 0.8,
"url": "http://cvs.openssl.org/chngview?cn=18790"
},
{
"trust": 0.8,
"url": "http://www.links.org/files/no-renegotiation-2.patch"
},
{
"trust": 0.8,
"url": "http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html"
},
{
"trust": 0.6,
"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1694"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1580"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0119"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2011:0880"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2009:1579"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0440"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0338"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0339"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0337"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0155"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2009-3555"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0807"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0011"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0130"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0987"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0865"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0986"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2015:1591"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0166"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0165"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0167"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0162"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0164"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0163"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "httpd-announce\u0026m=125755783724966\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=apache-"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0786"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0408"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0768"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2010:0770"
},
{
"trust": 0.6,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10939"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-tivoli-netcool-omnibus-probe-for-network-node-manager-i-cve-2009-3555/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2561/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2853"
},
{
"trust": 0.3,
"url": "mozilla"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html"
},
{
"trust": 0.3,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html"
},
{
"trust": 0.3,
"url": "http://blog.pfsense.org/?p=531"
},
{
"trust": 0.3,
"url": "http://www.opera.com/support/kb/view/944/"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/ssl_advisory.asc"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21410851"
},
{
"trust": 0.3,
"url": "http://www.openssl.org/news/changelog.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.15"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21390112"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2013/nov/att-119/esa-2013-077.txt"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02122104"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21420576"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/archives/cat_releases.html"
},
{
"trust": 0.3,
"url": "http://www.matrixssl.org/index.html"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg24006386"
},
{
"trust": 0.3,
"url": "http://msmvps.com/blogs/alunj/archive/2009/11/18/1740656.aspx"
},
{
"trust": 0.3,
"url": "https://developer.mozilla.org/nss_3.12.5_release_notes"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata45.html"
},
{
"trust": 0.3,
"url": "http://www.openbsd.org/errata46.html"
},
{
"trust": 0.3,
"url": "http://article.gmane.org/gmane.network.openvpn.devel/2835"
},
{
"trust": 0.3,
"url": "http://www.opera.com/docs/changelogs/windows/1050/"
},
{
"trust": 0.3,
"url": "http://my.opera.com/securitygroup/blog/2010/01/23/alpha-testing-tls-renego-fix"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://www.ietf.org/mail-archive/web/tls/current/msg03942.html"
},
{
"trust": 0.3,
"url": "http://www.porcupine.org/postfix-mirror/smtp-renegotiate.pdf"
},
{
"trust": 0.3,
"url": "http://www.ssh.com/documents/33/sshtectiaguardian_2.0.2b_releasenotes.txt"
},
{
"trust": 0.3,
"url": "http://tools.ietf.org/html/rfc5746"
},
{
"trust": 0.3,
"url": "http://www.g-sec.lu/tls-ssl-proof-of-concept.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa44\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf"
},
{
"trust": 0.3,
"url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_721_en.pdf"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000106.html"
},
{
"trust": 0.3,
"url": "/archive/1/510726"
},
{
"trust": 0.3,
"url": "/archive/1/508176"
},
{
"trust": 0.3,
"url": "/archive/1/508130"
},
{
"trust": 0.3,
"url": "/archive/1/507952"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2015/mar/84"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21415080"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273350-1"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025718"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025719"
},
{
"trust": 0.3,
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20091112-01.html"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100074555"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100071565"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100072446"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100077741"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100078357"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100080915"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100081602"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100082047"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100092059"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100107778"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100080668"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21607116"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml"
},
{
"trust": 0.3,
"url": "http://fortiguard.com/psirt/fg-ir-17-137"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266\u0026ac.admitted=1320706848406.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995\u0026admit=109447626+1284637282234+28353475"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
},
{
"trust": 0.3,
"url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02616748\u0026admit=109447627+1291997777000+28353475"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1ic69118"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/977377.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms10-049.mspx"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7005950\u0026sliceid=1"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2010-0119.html"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.3,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.3,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0082"
},
{
"trust": 0.2,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=132077688910227\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=142660345230545\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127419602507642\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=134254866602253\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=130497311408250\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=133469267822771\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=126150535619567\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127128920008563\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=127557596201693\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026amp;q=pm00675\u0026amp;apar=only"
},
{
"trust": 0.1,
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2009\u0026amp;m=slackware-security.597446"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=apache-httpd-announce\u0026amp;m=125755783724966\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=cryptography\u0026amp;m=125752275331877\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://kb.bluecoat.com/index?page=content\u0026amp;id=sa50"
},
{
"trust": 0.1,
"url": "https://github.com/adesprets/dpsslclientprofile"
},
{
"trust": 0.1,
"url": "https://github.com/galeone/letsencrypt-lighttpd"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091105-cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=20886"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0731"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3505"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-5139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3512"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44293"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/"
},
{
"trust": 0.1,
"url": "http://secunia.com/research/"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44293/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/open_positions/reverse_engineer"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/a6a02193b073"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3874"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3875"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3873"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0840"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3882"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3879"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0092"
},
{
"trust": 0.1,
"url": "http://blogs.sun.com/darcy/resource/openjdk_6/openjdk6-b18-changes-summary.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3881"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3883"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0084"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3869"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0845"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0848"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3882"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0838"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3873"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3875"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3874"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0847"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3871"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3877"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3876"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0085"
},
{
"trust": 0.1,
"url": "http://article.gmane.org/gmane.comp.java.openjdk.distro-packaging.devel/8938"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0082"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3885"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0837"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3880"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-7270"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwareindex.jsp?lang=en\u0026cc=us\u0026prodnameid=3188475\u0026prodtypeid=329290\u0026prodseriesid=3188465\u0026swlang=8\u0026taskid=135\u0026swenvoid=1113"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0840"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3293"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-0492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3292"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-4343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2003-0542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3747"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3291"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2002-0839"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3357"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-3352"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3738"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3095"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1891"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0082"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1832"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1828"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0353"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0473"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2043"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3655"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2760"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0447"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0456"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1125"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3003"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0057"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0443"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1940"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2376"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3971"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3977"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3965"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1834"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2472"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2767"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1952"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0164"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3400"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1211"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4188"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2408"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1304"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1206"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1975"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1392"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3835"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5507"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5023"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1308"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1044"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5508"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1307"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3866"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0080"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1213"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0352"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0051"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3989"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3371"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3382"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5502"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3978"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3993"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5506"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3375"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3078"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0462"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2605"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3658"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1973"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3004"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1950"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2369"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3001"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3381"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3994"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3167"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5022"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5024"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0468"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1203"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2061"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0085"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1945"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3000"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0068"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1974"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2065"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0081"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1955"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1302"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5503"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3374"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3968"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1028"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3005"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4185"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1121"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3661"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5913"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3169"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5843"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3663"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3651"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2372"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1951"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3274"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1197"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4067"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2997"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3778"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2996"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3232"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0061"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4063"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0354"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3380"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0357"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0220"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0071"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0777"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0055"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5052"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0165"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2378"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3131"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5513"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3986"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2752"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3388"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2469"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2753"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3650"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3002"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2764"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2751"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2477"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2991"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0358"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3670"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3987"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3976"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4582"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4208"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4186"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0441"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0054"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5014"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2671"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2662"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1309"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1585"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5840"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2998"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0355"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1200"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2362"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3077"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0056"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5501"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4195"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1962"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3660"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2762"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5833"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1839"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0648"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3101"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0072"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3399"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2983"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5838"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5019"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2985"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0458"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3837"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0066"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3836"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0174"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5842"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0457"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3176"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5511"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0356"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4205"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3379"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4508"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-34.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1310"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0016"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1967"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1306"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3079"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0073"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0474"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0444"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0455"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1954"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3647"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4210"
},
{
"trust": 0.1,
"url": "http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c="
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0017"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1305"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0446"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3966"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0181"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3979"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0450"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1214"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0449"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1841"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0367"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3765"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1947"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3070"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4060"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3992"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1563"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0442"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0175"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1712"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1199"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2365"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2404"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3775"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1198"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2535"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1938"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5505"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1946"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5512"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4187"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3766"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2437"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1949"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3776"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5830"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0075"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0652"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1958"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5015"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0163"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0179"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1313"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0159"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1939"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3972"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3182"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4207"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-6961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2990"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3178"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4069"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3180"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4191"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3956"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4204"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2763"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3986"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3654"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2364"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3389"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3963"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0464"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1209"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2754"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2210"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5829"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3982"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3173"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3774"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5510"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4192"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2463"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0467"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1964"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3959"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3770"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3769"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0772"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3665"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4196"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5822"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2466"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3649"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3653"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3768"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2478"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3988"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1312"
},
{
"trust": 0.1,
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-11.html"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2479"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3383"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1303"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2465"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3170"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2377"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3991"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3982"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5012"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1957"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2755"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1948"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3961"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0470"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3773"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0166"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-1571"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3984"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3640"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2436"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3981"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1970"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0461"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4215"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5021"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4058"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0451"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0771"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0017"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3836"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4212"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0459"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0076"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0083"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0460"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1201"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3960"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0059"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3062"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5018"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3177"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3980"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2363"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0084"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3652"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1941"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201301-01.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3074"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1937"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3835"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3171"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2999"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0471"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0065"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0162"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3373"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2665"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://www.canonical.com"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld.patch.asc"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4146"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/\u003e."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4147"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/advisories/freebsd-sa-09:16.rtld.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld7.patch"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld7.patch.asc"
},
{
"trust": 0.1,
"url": "http://security.freebsd.org/patches/sa-09:16/rtld.patch"
},
{
"trust": 0.1,
"url": "http://www.freebsd.org/handbook/makeworld.html\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0087"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0839"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0091"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0837"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0089"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3793"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-4546"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0095"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0093"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0094"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0090"
},
{
"trust": 0.1,
"url": "http://www.hp.com/go/hpsim"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
},
{
"trust": 0.1,
"url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
},
{
"db": "VULHUB",
"id": "VHN-41001"
},
{
"db": "VULMON",
"id": "CVE-2009-3555"
},
{
"db": "BID",
"id": "36935"
},
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "PACKETSTORM",
"id": "130868"
},
{
"db": "PACKETSTORM",
"id": "100761"
},
{
"db": "PACKETSTORM",
"id": "89026"
},
{
"db": "PACKETSTORM",
"id": "111583"
},
{
"db": "PACKETSTORM",
"id": "101257"
},
{
"db": "PACKETSTORM",
"id": "119293"
},
{
"db": "PACKETSTORM",
"id": "92095"
},
{
"db": "PACKETSTORM",
"id": "120365"
},
{
"db": "PACKETSTORM",
"id": "83415"
},
{
"db": "PACKETSTORM",
"id": "91749"
},
{
"db": "PACKETSTORM",
"id": "111920"
},
{
"db": "PACKETSTORM",
"id": "83271"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
},
{
"db": "NVD",
"id": "CVE-2009-3555"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2009-3555",
"ident": null
},
{
"db": "BID",
"id": "36935",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89136",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "130868",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "100761",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "89026",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111583",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "119293",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "92095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "120365",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83415",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "91749",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "83271",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2009-11-11T00:00:00",
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"date": "2009-11-09T00:00:00",
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"date": "2009-11-04T00:00:00",
"db": "BID",
"id": "36935",
"ident": null
},
{
"date": "2010-05-03T23:54:02",
"db": "PACKETSTORM",
"id": "89136",
"ident": null
},
{
"date": "2015-03-18T00:44:34",
"db": "PACKETSTORM",
"id": "130868",
"ident": null
},
{
"date": "2011-04-24T07:03:07",
"db": "PACKETSTORM",
"id": "100761",
"ident": null
},
{
"date": "2010-04-28T20:44:54",
"db": "PACKETSTORM",
"id": "89026",
"ident": null
},
{
"date": "2012-04-05T00:45:56",
"db": "PACKETSTORM",
"id": "111583",
"ident": null
},
{
"date": "2011-05-10T00:45:11",
"db": "PACKETSTORM",
"id": "101257",
"ident": null
},
{
"date": "2013-01-08T03:21:24",
"db": "PACKETSTORM",
"id": "119293",
"ident": null
},
{
"date": "2010-07-23T18:03:56",
"db": "PACKETSTORM",
"id": "92095",
"ident": null
},
{
"date": "2013-02-18T15:23:02",
"db": "PACKETSTORM",
"id": "120365",
"ident": null
},
{
"date": "2009-12-03T21:03:04",
"db": "PACKETSTORM",
"id": "83415",
"ident": null
},
{
"date": "2010-07-14T04:19:30",
"db": "PACKETSTORM",
"id": "91749",
"ident": null
},
{
"date": "2012-04-17T20:41:11",
"db": "PACKETSTORM",
"id": "111920",
"ident": null
},
{
"date": "2009-11-30T21:44:08",
"db": "PACKETSTORM",
"id": "83271",
"ident": null
},
{
"date": "2009-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"date": "2009-11-09T17:30:00.407000",
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-07-22T00:00:00",
"db": "CERT/CC",
"id": "VU#120541",
"ident": null
},
{
"date": "2023-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-41001",
"ident": null
},
{
"date": "2017-12-19T22:00:00",
"db": "BID",
"id": "36935",
"ident": null
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200911-069",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-3555",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "89136"
},
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "SSL and TLS protocols renegotiation vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#120541"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200911-069"
}
],
"trust": 0.6
}
}
VAR-201201-0038
Vulnerability from variot - Updated: 2026-03-09 21:51protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. The vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker might obtain sensitive information, gain privileges, send requests to unintended servers behind proxies, bypass certain security restrictions, obtain the values of HTTPOnly cookies, or cause a Denial of Service in various ways.
A local attacker could gain escalated privileges.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"
References
[ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-25.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. (CVE-2011-3368)
It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3607)
A NULL pointer dereference flaw was found in the httpd mod_log_config module.
This update also fixes the following bug:
- The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03231301 Version: 1
HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-03-27 Last Updated: 2012-03-27
Potential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS).
References: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel.
MANUAL ACTIONS: Yes - NonUpdate
Install the hotfix for SSRT100772.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS (for HP-UX)
For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN,fr=B.07.50.00 action: install the hotfix for SSRT100772
END AFFECTED VERSIONS (for HP-UX)
HISTORY Version:1 (rev.1) - 27 March 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The apr-util package has also been updated to the latest version.
Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. Version bump for httpd upgrade. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. ) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. [Joe Orton] ) SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. [Stefan Fritsch, Greg Ames] ) SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. [Joe Orton] ) SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 12.0: ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz
Updated packages for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz
Updated packages for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz
Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz
Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz
Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz
Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz
Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz
Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 12.0 packages: 3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz 86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz
Slackware 12.1 packages: aab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz 1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz
Slackware 12.2 packages: f30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz 18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz
Slackware 13.0 packages: d3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz 0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz
Slackware x86_64 13.0 packages: d15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz 1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz
Slackware 13.1 packages: 9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz 49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz
Slackware x86_64 13.1 packages: 4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz 1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz
Slackware 13.37 packages: 7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz 783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz
Slackware x86_64 13.37 packages: 1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz 8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz
Slackware -current packages: e709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz 97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz
Slackware x86_64 -current packages: 55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz 09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz
Then, restart the httpd daemon.
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Hitachi Multiple Products Apache HTTP Server "httpOnly" Cookie Disclosure Vulnerability
SECUNIA ADVISORY ID: SA51626
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51626
RELEASE DATE: 2012-12-26
DISCUSS ADVISORY: http://secunia.com/advisories/51626/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51626/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51626
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged a vulnerability in multiple products, which can be exploited by malicious people to disclose potentially sensitive information.
For more information see vulnerability #1 in: SA47779
Please see the vendor's advisory for a list of affected products.
ORIGINAL ADVISORY: Hitachi (HS12-033): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0323-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0323.html Issue date: 2012-02-21 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 CVE-2012-0053 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1392) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. (CVE-2011-3639)
The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607)
A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm
i386: httpd-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm mod_ssl-2.2.3-63.el5_8.1.i386.rpm
x86_64: httpd-2.2.3-63.el5_8.1.x86_64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm mod_ssl-2.2.3-63.el5_8.1.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm
i386: httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-manual-2.2.3-63.el5_8.1.i386.rpm
x86_64: httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.x86_64.rpm httpd-manual-2.2.3-63.el5_8.1.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm
i386: httpd-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-manual-2.2.3-63.el5_8.1.i386.rpm mod_ssl-2.2.3-63.el5_8.1.i386.rpm
ia64: httpd-2.2.3-63.el5_8.1.ia64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ia64.rpm httpd-devel-2.2.3-63.el5_8.1.ia64.rpm httpd-manual-2.2.3-63.el5_8.1.ia64.rpm mod_ssl-2.2.3-63.el5_8.1.ia64.rpm
ppc: httpd-2.2.3-63.el5_8.1.ppc.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ppc.rpm httpd-debuginfo-2.2.3-63.el5_8.1.ppc64.rpm httpd-devel-2.2.3-63.el5_8.1.ppc.rpm httpd-devel-2.2.3-63.el5_8.1.ppc64.rpm httpd-manual-2.2.3-63.el5_8.1.ppc.rpm mod_ssl-2.2.3-63.el5_8.1.ppc.rpm
s390x: httpd-2.2.3-63.el5_8.1.s390x.rpm httpd-debuginfo-2.2.3-63.el5_8.1.s390.rpm httpd-debuginfo-2.2.3-63.el5_8.1.s390x.rpm httpd-devel-2.2.3-63.el5_8.1.s390.rpm httpd-devel-2.2.3-63.el5_8.1.s390x.rpm httpd-manual-2.2.3-63.el5_8.1.s390x.rpm mod_ssl-2.2.3-63.el5_8.1.s390x.rpm
x86_64: httpd-2.2.3-63.el5_8.1.x86_64.rpm httpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm httpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm httpd-devel-2.2.3-63.el5_8.1.i386.rpm httpd-devel-2.2.3-63.el5_8.1.x86_64.rpm httpd-manual-2.2.3-63.el5_8.1.x86_64.rpm mod_ssl-2.2.3-63.el5_8.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1392.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPRBwPXlSAg2UNWIIRAlvJAJ0TMniw4hLPlG+CAhF6cZd3RqTH3QCfVlvK 6HtbvIeYuOnRkg4sqECy22U= =UZwj -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313
BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667
CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates.
DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048
ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative
Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652
International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599
Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team
LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher
Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc.
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048
Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation
QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389
USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004.
For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE-----
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "02-03"
},
{
"_id": null,
"model": "web server 02-04-/a",
"scope": null,
"trust": 1.5,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "02-02"
},
{
"_id": null,
"model": "linux enterprise software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.65"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"_id": null,
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0.0"
},
{
"_id": null,
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.2"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.22"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "11.4"
},
{
"_id": null,
"model": "web server 01-02-/b",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server 01-02-/a",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server 01-02-/c",
"scope": null,
"trust": 0.9,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.x to 2.2.21"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7 to v10.7.4"
},
{
"_id": null,
"model": "sparc enterprise m3000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sparc enterprise m4000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sparc enterprise m5000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sparc enterprise m8000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "sparc enterprise m9000 server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "xcp",
"scope": "lt",
"trust": 0.8,
"vendor": "oracle",
"version": "1118"
},
{
"_id": null,
"model": "hp system management homepage",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "v7.1.1 (linux"
},
{
"_id": null,
"model": "hp system management homepage",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "windows and vmware esx)"
},
{
"_id": null,
"model": "hp xp p9000",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "command view advanced edition suite"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "device manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"_id": null,
"model": "global link manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"_id": null,
"model": "provisioning manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"_id": null,
"model": "replication manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"_id": null,
"model": "tiered storage manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"_id": null,
"model": "tuning manager",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "software"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- security enhancement"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage web server express",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "systemwalker resource coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "web server linux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "web server 02-04-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "02-04"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "01-02"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "nsm3000",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "p9000 replication manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1-00"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux enterprise sdk sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "p9000 replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "7.0"
},
{
"_id": null,
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-02"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3.1-00"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "web server security enhancement 02-04-/b",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.17"
},
{
"_id": null,
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.21"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.20"
},
{
"_id": null,
"model": "network and security manager software",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "2012.2-"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-03"
},
{
"_id": null,
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux enterprise server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "xp p9000 command view advanced edition",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1-00"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-01(x64)"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "51.0"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.1"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.4"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "web appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "sophos",
"version": "3.7.9.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.3"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8.0"
},
{
"_id": null,
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.3"
},
{
"_id": null,
"model": "web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "3.7.9"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.60"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "freeflow print server 73.c0.41",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "nsmexpress",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "firepass",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-05"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "junos space 13.1r1.6",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "p9000 tiered storage manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.0-00"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-02"
},
{
"_id": null,
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-03"
},
{
"_id": null,
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "nsm appliance generic offline for centos",
"scope": "ne",
"trust": 0.3,
"vendor": "juniper",
"version": "51"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.50"
},
{
"_id": null,
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.23"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "3.55"
},
{
"_id": null,
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-01"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "freeflow print server 73.b3.61",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "web server 02-04-/a (windows(ip",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "big-ip edge gateway hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-05"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "linux enterprise server for vmware sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.18"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "2.2.22-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-09"
},
{
"_id": null,
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"_id": null,
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "onboard administrator",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "3.56"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-04"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.1.0"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.56"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "10.0"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "xp provisioning manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.0.0-00"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-05"
},
{
"_id": null,
"model": "web appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "sophos",
"version": "3.8.1.1"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "storwize unified",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.3.1"
},
{
"_id": null,
"model": "web server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-04"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.19"
},
{
"_id": null,
"model": "web server 01-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "9.0"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-10-10"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.65"
},
{
"_id": null,
"model": "p9000 replication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0.0-00"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "p9000 replication monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.0-00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "3.8.0"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-060"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "cosminexus",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "jboss enterprise web server for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "61.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "xp provisioning manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.0.0-00"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.5"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "linux enterprise sdk sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "web server windows",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-10-03(x64)"
},
{
"_id": null,
"model": "arx",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "6.1"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"_id": null,
"model": "web server 02-04-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "storwize unified",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "big-ip wom hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "web server solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "xp p9000 command view advanced edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.0-00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "web server hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"_id": null,
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "12.2"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"_id": null,
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "p9000 tiered storage manager",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.4.1-00"
},
{
"_id": null,
"model": "cosminexus developer no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.8.2"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "web appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "3.8.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"_id": null,
"model": "junos space",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "11.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.1"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "cosminexus application server no version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.57"
},
{
"_id": null,
"model": "system management homepage",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "7.1.1"
},
{
"_id": null,
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
}
],
"sources": [
{
"db": "BID",
"id": "51706"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
},
{
"db": "NVD",
"id": "CVE-2012-0053"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m3000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m4000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m5000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m8000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:oracle:sparc_enterprise_m9000_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:xcp",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:system_management_homepage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:xp_p9000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:device_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:global_link_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:provisioning_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:replication_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:tiered_storage_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:tuning_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
}
]
},
"credits": {
"_id": null,
"data": "Norman Hippert",
"sources": [
{
"db": "BID",
"id": "51706"
}
],
"trust": 0.3
},
"cve": "CVE-2012-0053",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2012-0053",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0053",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-0053",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2012-0053",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0053"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
},
{
"db": "NVD",
"id": "CVE-2012-0053"
}
]
},
"description": {
"_id": null,
"data": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Apache HTTP Server is prone to an information-disclosure vulnerability. The issue occurs in the default error response for status code 400. \nSuccessful exploits will allow attackers to obtain sensitive information that may aid in further attacks. \nThe vulnerability affects Apache HTTP Server versions 2.2.0 through 2.2.21. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker might obtain sensitive information, gain privileges,\nsend requests to unintended servers behind proxies, bypass certain\nsecurity restrictions, obtain the values of HTTPOnly cookies, or cause\na Denial of Service in various ways. \n\nA local attacker could gain escalated privileges. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.22-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408\n[ 2 ] CVE-2010-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434\n[ 3 ] CVE-2010-1452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452\n[ 4 ] CVE-2010-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791\n[ 5 ] CVE-2011-3192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192\n[ 6 ] CVE-2011-3348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348\n[ 7 ] CVE-2011-3368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368\n[ 8 ] CVE-2011-3607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607\n[ 9 ] CVE-2011-4317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317\n[ 10 ] CVE-2012-0021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021\n[ 11 ] CVE-2012-0031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031\n[ 12 ] CVE-2012-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053\n[ 13 ] CVE-2012-0883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. \n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. \n(CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. \n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update\nintroduced a regression in the way httpd handled certain Range HTTP header\nvalues. This update corrects this regression. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03231301\nVersion: 1\n\nHPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running Apache HTTP Server, Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2012-03-27\nLast Updated: 2012-03-27\n\nPotential Security Impact: Remote unauthorized disclosure of information, unauthorized modification, Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). \n\nReferences: CVE-2012-0053, CVE-2012-0031, CVE-2012-0021, CVE-2011-4317, CVE-2011-3607, CVE-2011-3368\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6\nCVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4\nCVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided a hotfix to resolve the vulnerabilities. The SSRT100772 hotfix is available by contacting the normal HP Services support channel. \n\nMANUAL ACTIONS: Yes - NonUpdate\n\nInstall the hotfix for SSRT100772. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS (for HP-UX)\n\nFor HP-UX OV NNM 7.53\nHP-UX B.11.31\nHP-UX B.11.23 (IA)\nHP-UX B.11.23 (PA)\nHP-UX B.11.11\n=============\nOVNNMgr.OVNNM-RUN,fr=B.07.50.00\naction: install the hotfix for SSRT100772\n\nEND AFFECTED VERSIONS (for HP-UX)\n\nHISTORY\nVersion:1 (rev.1) - 27 March 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. The apr-util package has also been\nupdated to the latest version. \n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n+--------------------------+\npatches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. \n Version bump for httpd upgrade. \npatches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. \n *) SECURITY: CVE-2011-3368 (cve.mitre.org)\n Reject requests where the request-URI does not match the HTTP\n specification, preventing unexpected expansion of target URLs in\n some reverse proxy configurations. [Joe Orton]\n *) SECURITY: CVE-2011-3607 (cve.mitre.org)\n Fix integer overflow in ap_pregsub() which, when the mod_setenvif module\n is enabled, could allow local users to gain privileges via a .htaccess\n file. [Stefan Fritsch, Greg Ames]\n *) SECURITY: CVE-2011-4317 (cve.mitre.org)\n Resolve additional cases of URL rewriting with ProxyPassMatch or\n RewriteRule, where particular request-URIs could result in undesired\n backend network exposure in some configurations. \n [Joe Orton]\n *) SECURITY: CVE-2012-0021 (cve.mitre.org)\n mod_log_config: Fix segfault (crash) when the \u0027%{cookiename}C\u0027 log format\n string is in use and a client sends a nameless, valueless cookie, causing\n a denial of service. PR 52256. \n [Eric Covener]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/apr-util-1.4.1-i486-1_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/httpd-2.2.22-i486-1_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/apr-util-1.4.1-i486-1_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.22-i486-1_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/apr-util-1.4.1-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.22-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/apr-util-1.4.1-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.22-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.22-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/apr-util-1.4.1-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.22-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/apr-util-1.4.1-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.22-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 12.0 packages:\n3143affee7e89d16a2f5b4f58f1f2c9d apr-util-1.4.1-i486-1_slack12.0.tgz\n86c2b71a544c9533794951f718bd907b httpd-2.2.22-i486-1_slack12.0.tgz\n\nSlackware 12.1 packages:\naab31157fa672bb2bc11851b486c9d5c apr-util-1.4.1-i486-1_slack12.1.tgz\n1362ef9a9b2d355e1cf9b5c7e0ae0607 httpd-2.2.22-i486-1_slack12.1.tgz\n\nSlackware 12.2 packages:\nf30f1f0a949f321b6aefb99a703eca3f apr-util-1.4.1-i486-1_slack12.2.tgz\n18fd6ddd6e6bbf4a7222ade821ec1aa1 httpd-2.2.22-i486-1_slack12.2.tgz\n\nSlackware 13.0 packages:\nd3600fef7f1cabb62554417567fb55ab apr-util-1.4.1-i486-1_slack13.0.txz\n0456c808efb92da333942ff939746d77 httpd-2.2.22-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nd15c2e0a4aa074bbadfa50099da482b2 apr-util-1.4.1-x86_64-1_slack13.0.txz\n1b72685b2519bbf167973d88dce562e1 httpd-2.2.22-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n9c7c2bb99c99f3a6275f0dc9636ce38c apr-util-1.4.1-i486-1_slack13.1.txz\n49a5e4a73be2328d80cca186efe2f6f7 httpd-2.2.22-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n4f9dcb6495c04d3094cc68050440505b apr-util-1.4.1-x86_64-1_slack13.1.txz\n1f378f8a4d990d7298e0155b22cfcf19 httpd-2.2.22-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n7feb382700511d72737c5a31e91ee56e apr-util-1.4.1-i486-1_slack13.37.txz\n783de593b5827c8601e2b486cf98397f httpd-2.2.22-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n1bd4b3df67a0449f3015e82e47cd808d apr-util-1.4.1-x86_64-1_slack13.37.txz\n8999903e736cbb29c055ea2bf66cfed1 httpd-2.2.22-x86_64-1_slack13.37.txz\n\nSlackware -current packages:\ne709c8056cede91c35fd354ad5b654df l/apr-util-1.4.1-i486-1.txz\n97c295a42d4678537c62d6ce54d3e1fa n/httpd-2.2.22-i486-1.txz\n\nSlackware x86_64 -current packages:\n55fdf36b05ff7e82aa9a015289290424 l/apr-util-1.4.1-x86_64-1.txz\n09daa138b81fbf877596e4abc2a01bb6 n/httpd-2.2.22-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg apr-util-1.4.1-i486-1_slack13.37.txz httpd-2.2.22-i486-1_slack13.37.txz\n\nThen, restart the httpd daemon. \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Multiple Products Apache HTTP Server \"httpOnly\" Cookie\nDisclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA51626\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51626/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626\n\nRELEASE DATE:\n2012-12-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51626/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51626/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in multiple products, which\ncan be exploited by malicious people to disclose potentially\nsensitive information. \n\nFor more information see vulnerability #1 in:\nSA47779\n\nPlease see the vendor\u0027s advisory for a list of affected products. \n\nORIGINAL ADVISORY:\nHitachi (HS12-033):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd security update\nAdvisory ID: RHSA-2012:0323-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0323.html\nIssue date: 2012-02-21\nCVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2012-0031 \n CVE-2012-0053 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL Desktop Workstation (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. \n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1392) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request. \n(CVE-2011-3639)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header. \nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user. \n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. \nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow\n773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling\n785069 - CVE-2012-0053 httpd: cookie exposure due to error responses\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm\n\ni386:\nhttpd-2.2.3-63.el5_8.1.i386.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm\nmod_ssl-2.2.3-63.el5_8.1.i386.rpm\n\nx86_64:\nhttpd-2.2.3-63.el5_8.1.x86_64.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm\nmod_ssl-2.2.3-63.el5_8.1.x86_64.rpm\n\nRHEL Desktop Workstation (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm\nhttpd-devel-2.2.3-63.el5_8.1.i386.rpm\nhttpd-manual-2.2.3-63.el5_8.1.i386.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm\nhttpd-devel-2.2.3-63.el5_8.1.i386.rpm\nhttpd-devel-2.2.3-63.el5_8.1.x86_64.rpm\nhttpd-manual-2.2.3-63.el5_8.1.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm\n\ni386:\nhttpd-2.2.3-63.el5_8.1.i386.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm\nhttpd-devel-2.2.3-63.el5_8.1.i386.rpm\nhttpd-manual-2.2.3-63.el5_8.1.i386.rpm\nmod_ssl-2.2.3-63.el5_8.1.i386.rpm\n\nia64:\nhttpd-2.2.3-63.el5_8.1.ia64.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.ia64.rpm\nhttpd-devel-2.2.3-63.el5_8.1.ia64.rpm\nhttpd-manual-2.2.3-63.el5_8.1.ia64.rpm\nmod_ssl-2.2.3-63.el5_8.1.ia64.rpm\n\nppc:\nhttpd-2.2.3-63.el5_8.1.ppc.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.ppc.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.ppc64.rpm\nhttpd-devel-2.2.3-63.el5_8.1.ppc.rpm\nhttpd-devel-2.2.3-63.el5_8.1.ppc64.rpm\nhttpd-manual-2.2.3-63.el5_8.1.ppc.rpm\nmod_ssl-2.2.3-63.el5_8.1.ppc.rpm\n\ns390x:\nhttpd-2.2.3-63.el5_8.1.s390x.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.s390.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.s390x.rpm\nhttpd-devel-2.2.3-63.el5_8.1.s390.rpm\nhttpd-devel-2.2.3-63.el5_8.1.s390x.rpm\nhttpd-manual-2.2.3-63.el5_8.1.s390x.rpm\nmod_ssl-2.2.3-63.el5_8.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-63.el5_8.1.x86_64.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.i386.rpm\nhttpd-debuginfo-2.2.3-63.el5_8.1.x86_64.rpm\nhttpd-devel-2.2.3-63.el5_8.1.i386.rpm\nhttpd-devel-2.2.3-63.el5_8.1.x86_64.rpm\nhttpd-manual-2.2.3-63.el5_8.1.x86_64.rpm\nmod_ssl-2.2.3-63.el5_8.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3607.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3639.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0031.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0053.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHSA-2011-1392.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPRBwPXlSAg2UNWIIRAlvJAJ0TMniw4hLPlG+CAhF6cZd3RqTH3QCfVlvK\n6HtbvIeYuOnRkg4sqECy22U=\n=UZwj\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and\nSecurity Update 2012-004\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 are now available and address the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.22 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. Further information is available via the Apache web site at\nhttp://httpd.apache.org/. This issue does not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3368\nCVE-2011-3607\nCVE-2011-4317\nCVE-2012-0021\nCVE-2012-0031\nCVE-2012-0053\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A remote attacker may be able to cause a denial of service\nin systems configured to run BIND as a DNS nameserver\nDescription: A reachable assertion issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1. \nThis issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4313\n\nBIND\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: A remote attacker may be able to cause a denial of service,\ndata corruption, or obtain sensitive information from process memory\nin systems configured to run BIND as a DNS nameserver\nDescription: A memory management issue existed in the handling of\nDNS records. This issue was addressed by updating to BIND 9.7.6-P1 on\nOS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-1667\n\nCoreText\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use CoreText may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A bounds checking issue existed in the handling of text\nglyphs, which may lead to out of bounds memory reads or writes. This\nissue was addressed through improved bounds checking. This issue does\nnot affect Mac OS X v10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3716 : Jesse Ruderman of Mozilla Corporation\n\nData Security\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: An attacker with a privileged network position may intercept\nuser credentials or other sensitive information\nDescription: TrustWave, a trusted root CA, has issued, and\nsubsequently revoked, a sub-CA certificate from one of its trusted\nanchors. This sub-CA facilitated the interception of communications\nsecured by Transport Layer Security (TLS). This update adds the\ninvolved sub-CA certificate to OS X\u0027s list of untrusted certificates. \n\nDirectoryService\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8\nImpact: If the DirectoryService Proxy is used, a remote attacker may\ncause a denial of service or arbitrary code execution\nDescription: A buffer overflow existed in the DirectoryService\nProxy. This issue was addressed through improved bounds checking. \nThis issue does not affect OS X Lion and Mountain Lion systems. \nCVE-ID\nCVE-2012-0650 : aazubel working with HP\u0027s Zero Day Initiative\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted PNG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in libpng\u0027s\nhandling of PNG images. These issues were addressed through improved\nvalidation of PNG images. These issues do not affect OS X Mountain\nLion systems. \nCVE-ID\nCVE-2011-3026 : Juri Aedla\nCVE-2011-3048\n\nImageIO\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow issue existed in libTIFF\u0027s handling\nof TIFF images. This issue was addressed through improved validation\nof TIFF images. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-1173 : Alexander Gavrun working with HP\u0027s Zero Day\nInitiative\n\nInstaller\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Remote admins and persons with physical access to the system\nmay obtain account information\nDescription: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented\nuser passwords from being recorded in the system log, but did not\nremove the old log entries. This issue was addressed by deleting log\nfiles that contained passwords. This issue does not affect Mac OS X\n10.6 or OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0652\n\nInternational Components for Unicode\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Applications that use ICU may be vulnerable to an unexpected\napplication termination or arbitrary code execution\nDescription: A stack buffer overflow existed in the handling of ICU\nlocale IDs. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2011-4599\n\nKernel\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: A malicious program could bypass sandbox restrictions\nDescription: A logic issue existed in the handling of debug system\ncalls. This may allow a malicious program to gain code execution in\nother programs with the same user privileges. This issue was\naddressed by disabling handling of addresses in PT_STEP and\nPT_CONTINUE. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0643 : iOS Jailbreak Dream Team\n\nLoginWindow\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A local user may be able to obtain other user\u0027s login\npasswords\nDescription: A user-installed input method could intercept password\nkeystrokes from Login Window or Screen Saver Unlock. This issue was\naddressed by preventing user-installed methods from being used when\nthe system is handling login information. \nCVE-ID\nCVE-2012-3718 : An anonymous researcher\n\nMail\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing an e-mail message may lead to execution of web\nplugins\nDescription: An input validation issue existed in Mail\u0027s handling of\nembedded web plugins. This issue was addressed by disabling third-\nparty plug-ins in Mail. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3719 : Will Dormann of the CERT/CC\n\nMobile Accounts\nAvailable for: OS X Mountain Lion v10.8 and v10.8.1\nImpact: A user with access to the contents of a mobile account may\nobtain the account password\nDescription: Creating a mobile account saved a hash of the password\nin the account, which was used to login when the mobile account was\nused as an external account. The password hash could be used to\ndetermine the user\u0027s password. This issue was addressed by creating\nthe password hash only if external accounts are enabled on the system\nwhere the mobile account is created. \nCVE-ID\nCVE-2012-3720 : Harald Wagener of Google, Inc. \n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,\nOS X Mountain Lion v10.8 and v10.8.1\nImpact: Multiple vulnerabilities in PHP\nDescription: \u003ePHP is updated to version 5.3.15 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the PHP web site at\nhttp://www.php.net\nCVE-ID\nCVE-2012-0831\nCVE-2012-1172\nCVE-2012-1823\nCVE-2012-2143\nCVE-2012-2311\nCVE-2012-2386\nCVE-2012-2688\n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: PHP scripts which use libpng may be vulnerable to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nPNG files. This issue was addressed by updating PHP\u0027s copy of libpng\nto version 1.5.10. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3048\n\nProfile Manager\nAvailable for: OS X Lion Server v10.7 to v10.7.4\nImpact: An unauthenticated user could enumerate managed devices\nDescription: An authentication issue existed in the Device\nManagement private interface. This issue was addressed by removing\nthe interface. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2012-3721 : Derick Cassidy of XEquals Corporation\n\nQuickLook\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted .pict file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n.pict files. This issue was addressed through improved validation of\n.pict files. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the\nQualys Vulnerability \u0026 Malware Research Labs (VMRL)\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An integer overflow existed in QuickTime\u0027s handling of\nsean atoms. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)\nworking with HP\u0027s Zero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access existed in the handling\nof Sorenson encoded movie files. This issue was addressed through\nimproved memory initialization. This issue does not affect OS X\nMountain Lion systems. \nCVE-ID\nCVE-2012-3722 : Will Dormann of the CERT/CC\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of RLE\nencoded movie files. This issue was addressed through improved bounds\nchecking. This issue does not affect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-0668 : Luigi Auriemma working with HP\u0027s Zero Day Initiative\n\nRuby\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4\nImpact: An attacker may be able to decrypt data protected by SSL\nDescription: There are known attacks on the confidentiality of SSL\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. \nThe Ruby OpenSSL module disabled the \u0027empty fragment\u0027 countermeasure\nwhich prevented these attacks. This issue was addressed by enabling\nempty fragments. This issue does not affect OS X Mountain Lion\nsystems. \nCVE-ID\nCVE-2011-3389\n\nUSB\nAvailable for: OS X Lion v10.7 to v10.7.4,\nOS X Lion Server v10.7 to v10.7.4\nImpact: Attaching a USB device may lead to an unexpected system\ntermination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\nUSB hub descriptors. This issue was addressed through improved\nhandling of the bNbrPorts descriptor field. This issue does not\naffect OS X Mountain Lion systems. \nCVE-ID\nCVE-2012-3723 : Andy Davis of NGS Secure\n\nNote: OS X Mountain Lion v10.8.2 includes the content of\nSafari 6.0.1. For further details see \"About the security content\nof Safari 6.0.1\" at http://http//support.apple.com/kb/HT5502\n\n\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update\n2012-004 may be obtained from the Software Update pane in System\nPreferences, or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update\n2012-004. \n\nFor OS X Mountain Lion v10.8.1\nThe download file is named: OSXUpd10.8.2.dmg\nIts SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33\n\nFor OS X Mountain Lion v10.8\nThe download file is named: OSXUpdCombo10.8.2.dmg\nIts SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c\n\nFor OS X Lion v10.7.4\nThe download file is named: MacOSXUpd10.7.5.dmg\nIts SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532\n\nFor OS X Lion v10.7 and v10.7.3\nThe download file is named: MacOSXUpdCombo10.7.5.dmg\nIts SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b\n\nFor OS X Lion Server v10.7.4\nThe download file is named: MacOSXServerUpd10.7.5.dmg\nIts SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a\n\nFor OS X Lion Server v10.7 and v10.7.3\nThe download file is named: MacOSXServerUpdCombo10.7.5.dmg\nIts SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2012-004.dmg\nIts SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2012-004.dmg\nIts SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e\nQm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW\npc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE\nDQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO\nQyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n\n7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm\n7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO\nBOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5\nw4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3\n+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK\nq5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2\nxyBfrQfG/dsif6jGHaot\n=8joH\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0053"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
},
{
"db": "BID",
"id": "51706"
},
{
"db": "VULMON",
"id": "CVE-2012-0053"
},
{
"db": "PACKETSTORM",
"id": "114141"
},
{
"db": "PACKETSTORM",
"id": "112503"
},
{
"db": "PACKETSTORM",
"id": "111293"
},
{
"db": "PACKETSTORM",
"id": "112059"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "119095"
},
{
"db": "PACKETSTORM",
"id": "110036"
},
{
"db": "PACKETSTORM",
"id": "113582"
},
{
"db": "PACKETSTORM",
"id": "116792"
}
],
"trust": 2.79
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=18442",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0053"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2012-0053",
"trust": 3.0
},
{
"db": "JUNIPER",
"id": "JSA10585",
"trust": 1.3
},
{
"db": "BID",
"id": "51706",
"trust": 1.3
},
{
"db": "SECUNIA",
"id": "48551",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258",
"trust": 0.8
},
{
"db": "HITACHI",
"id": "HS12-033",
"trust": 0.4
},
{
"db": "JUNIPER",
"id": "JSA10642",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "51626",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2012-0053",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112503",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111293",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112059",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109725",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119095",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110036",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113582",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116792",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0053"
},
{
"db": "BID",
"id": "51706"
},
{
"db": "PACKETSTORM",
"id": "114141"
},
{
"db": "PACKETSTORM",
"id": "112503"
},
{
"db": "PACKETSTORM",
"id": "111293"
},
{
"db": "PACKETSTORM",
"id": "112059"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "119095"
},
{
"db": "PACKETSTORM",
"id": "110036"
},
{
"db": "PACKETSTORM",
"id": "113582"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
},
{
"db": "NVD",
"id": "CVE-2012-0053"
}
]
},
"id": "VAR-201201-0038",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.33942824
},
"last_update_date": "2026-03-09T21:51:11.102000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 2.2.22-dev",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"title": "1235454",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454"
},
{
"title": "APPLE-SA-2012-09-19-2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5501"
},
{
"title": "HT5501",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5501?viewlocale=ja_JP"
},
{
"title": "HS12-033",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-033/index.html"
},
{
"title": "HS13-001",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-001/index.html"
},
{
"title": "HPSBST02848 SSRT101112",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03691745"
},
{
"title": "HPSBMU02786 SSRT100877",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"title": "openSUSE-SU-2012:0314",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2012",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"title": "Bug 785069",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069"
},
{
"title": "RHSA-2012:0128",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"title": "CVE-2012-0053 Information Disclosure vulnerability in Apache HTTP Server ",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0053_information_disclosure"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "Multiple vulnerabilities in Apache HTTP Server 1.3",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1"
},
{
"title": "JSA10585",
"trust": 0.8,
"url": "http://kb.juniper.net/JSA10585"
},
{
"title": "HS12-033",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html"
},
{
"title": "HS13-001",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-001/index.html"
},
{
"title": "Interstage HTTP Server: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027(CVE-2012-0053)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201203.html"
},
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120323 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120128 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2012-046",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-046"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1368-1"
},
{
"title": "xss_payloads",
"trust": 0.1,
"url": "https://github.com/nettitude/xss_payloads "
},
{
"title": "CVE20120053Demo",
"trust": 0.1,
"url": "https://github.com/jonathansp/CVE20120053Demo "
},
{
"title": "Apache-Vulns",
"trust": 0.1,
"url": "https://github.com/styx00/Apache-Vulns "
},
{
"title": "https://github.com/goddemondemongod/Sec-Interview",
"trust": 0.1,
"url": "https://github.com/goddemondemongod/Sec-Interview "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-0053"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
},
{
"db": "NVD",
"id": "CVE-2012-0053"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.3,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 1.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0543.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://kb.juniper.net/jsa10585"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=136441204617335\u0026w=2"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/48551"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1235454"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
},
{
"trust": 1.0,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www.debian.org/security/2012/dsa-2405"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/51706"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0542.html"
},
{
"trust": 1.0,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:012"
},
{
"trust": 1.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=785069"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0128.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0053"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu381963/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0053"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
},
{
"trust": 0.6,
"url": "http://support.avaya.com/css/p8/documents/100158872"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
},
{
"trust": 0.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs12-033/index.html"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
},
{
"trust": 0.3,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03691745"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10642\u0026cat=sirt_1\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201307.mbox/%3c20130710124920.2b8793ed.wrowe%40rowe-clan.net%3e"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"trust": 0.3,
"url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigational"
},
{
"trust": 0.3,
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
},
{
"trust": 0.3,
"url": "http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf"
},
{
"trust": 0.3,
"url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10585"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100157326"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301\u0026ac.admitted=1332965374461.876444892.492883150"
},
{
"trust": 0.3,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03315912"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201203e.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15273.html"
},
{
"trust": 0.3,
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"trust": 0.3,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.3,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3607.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0031.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0053.html"
},
{
"trust": 0.2,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3368"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0031"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0883"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3348"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4317"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0021"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3607"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201206-25.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0434"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3368.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1330.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3348.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0021.html"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/try.do?productnumber=hpuxwsatw235"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxwsatw323"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0021"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4317"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0031"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3607"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3368"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51626/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51626"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51626/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0323.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3639"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1392.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3639.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2110"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1473"
},
{
"trust": 0.1,
"url": "http://www.hp.com/swpublishing/mtx-e41b71e6cfbe471dbd029deaab"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1583"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0884"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2691"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "http://www.php.net"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4313"
},
{
"trust": 0.1,
"url": "http://http//support.apple.com/kb/ht5502"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3048"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0668"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0831"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1173"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2143"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0652"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2311"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1667"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2386"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0650"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3026"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0643"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3716"
}
],
"sources": [
{
"db": "BID",
"id": "51706"
},
{
"db": "PACKETSTORM",
"id": "114141"
},
{
"db": "PACKETSTORM",
"id": "112503"
},
{
"db": "PACKETSTORM",
"id": "111293"
},
{
"db": "PACKETSTORM",
"id": "112059"
},
{
"db": "PACKETSTORM",
"id": "109725"
},
{
"db": "PACKETSTORM",
"id": "119095"
},
{
"db": "PACKETSTORM",
"id": "110036"
},
{
"db": "PACKETSTORM",
"id": "113582"
},
{
"db": "PACKETSTORM",
"id": "116792"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
},
{
"db": "NVD",
"id": "CVE-2012-0053"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2012-0053",
"ident": null
},
{
"db": "BID",
"id": "51706",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "114141",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112503",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "111293",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112059",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109725",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "119095",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "110036",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "113582",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "116792",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001258",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2012-0053",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2012-01-28T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0053",
"ident": null
},
{
"date": "2012-01-23T00:00:00",
"db": "BID",
"id": "51706",
"ident": null
},
{
"date": "2012-06-24T23:54:52",
"db": "PACKETSTORM",
"id": "114141",
"ident": null
},
{
"date": "2012-05-07T20:02:40",
"db": "PACKETSTORM",
"id": "112503",
"ident": null
},
{
"date": "2012-03-29T03:38:57",
"db": "PACKETSTORM",
"id": "111293",
"ident": null
},
{
"date": "2012-04-21T00:19:01",
"db": "PACKETSTORM",
"id": "112059",
"ident": null
},
{
"date": "2012-02-13T21:12:34",
"db": "PACKETSTORM",
"id": "109725",
"ident": null
},
{
"date": "2012-12-27T07:16:59",
"db": "PACKETSTORM",
"id": "119095",
"ident": null
},
{
"date": "2012-02-22T02:10:49",
"db": "PACKETSTORM",
"id": "110036",
"ident": null
},
{
"date": "2012-06-12T22:49:22",
"db": "PACKETSTORM",
"id": "113582",
"ident": null
},
{
"date": "2012-09-22T06:30:43",
"db": "PACKETSTORM",
"id": "116792",
"ident": null
},
{
"date": "2012-02-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001258",
"ident": null
},
{
"date": "2012-01-28T04:05:00.797000",
"db": "NVD",
"id": "CVE-2012-0053",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0053",
"ident": null
},
{
"date": "2015-04-13T21:30:00",
"db": "BID",
"id": "51706",
"ident": null
},
{
"date": "2015-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001258",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-0053",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "network",
"sources": [
{
"db": "BID",
"id": "51706"
}
],
"trust": 0.3
},
"title": {
"_id": null,
"data": "Apache HTTP Server of protocol.c In HTTPOnly Cookie Vulnerability that gets the value of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001258"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "51706"
}
],
"trust": 0.3
}
}
VAR-201302-0021
Vulnerability from variot - Updated: 2026-03-09 21:46Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Apache HTTP Server versions prior to 2.4.4 are vulnerable.
CVE-2012-3499
The modules mod_info, mod_status, mod_imagemap, mod_ldap, and
mod_proxy_ftp did not properly escape hostnames and URIs in
HTML output, causing cross site scripting vulnerabilities.
CVE-2012-4558
Mod_proxy_balancer did not properly escape hostnames and URIs
in its balancer-manager interface, causing a cross site scripting
vulnerability.
CVE-2013-1048
Hayawardh Vijayakumar noticed that the apache2ctl script created
the lock directory in an unsafe manner, allowing a local attacker
to gain elevated privileges via a symlink attack.
For the stable distribution (squeeze), these problems have been fixed in version 2.2.16-6+squeeze11.
For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-13.
For the unstable distribution (sid), these problems will be fixed in version 2.2.22-13.
We recommend that you upgrade your apache2 packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Web Server 2.0.1 update Advisory ID: RHSA-2013:1011-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1011.html Issue date: 2013-07-03 CVE Names: CVE-2012-3499 CVE-2012-3544 CVE-2012-4558 CVE-2013-2067 CVE-2013-2071 =====================================================================
- Summary:
Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 2 for RHEL 5 Server - i386, noarch, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/
The following security issues are also fixed with this release:
Cross-site scripting (XSS) flaws were found in the Apache HTTP Server mod_proxy_balancer module's manager web interface. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim's browser generate an HTTP request with a specially-crafted Host header. (CVE-2012-3499)
A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. (CVE-2013-2067)
A denial of service flaw was found in the way the Tomcat chunked transfer encoding input filter processed CRLF sequences. A remote attacker could use this flaw to send an excessively long request, consuming network bandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding is enabled by default. (CVE-2012-3544)
A flaw was found in the way the Tomcat 7 asynchronous context implementation performed request management in certain circumstances. If an application used AsyncListeners and threw RuntimeExceptions, Tomcat could send a reply that contains information from a different user's request, possibly leading to the disclosure of sensitive information. This issue only affected Tomcat 7. (CVE-2013-2071)
Note: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat JBoss Web Server 1 installed.
Warning: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
All users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5 are advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server process must be restarted for this update to take effect.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames 915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface 961779 - CVE-2013-2067 tomcat: Session fixation in form authenticator 961783 - CVE-2012-3544 tomcat: Limited DoS in chunked transfer encoding input filter 961803 - CVE-2013-2071 tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions
- Package List:
Red Hat JBoss Web Server 2 for RHEL 5 Server:
Source: apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.src.rpm apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.src.rpm apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.src.rpm dom4j-1.6.1-19.redhat_5.ep6.el5.src.rpm ecj3-3.7.2-6.redhat_1.ep6.el5.src.rpm httpd-2.2.22-23.ep6.el5.src.rpm mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.src.rpm mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.src.rpm mod_jk-1.2.37-2.redhat_1.ep6.el5.src.rpm tomcat-native-1.1.27-4.redhat_1.ep6.el5.src.rpm tomcat6-6.0.37-8_patch_01.ep6.el5.src.rpm tomcat7-7.0.40-9_patch_01.ep6.el5.src.rpm
i386: apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.i386.rpm apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el5.i386.rpm httpd-2.2.22-23.ep6.el5.i386.rpm httpd-debuginfo-2.2.22-23.ep6.el5.i386.rpm httpd-devel-2.2.22-23.ep6.el5.i386.rpm httpd-manual-2.2.22-23.ep6.el5.i386.rpm httpd-tools-2.2.22-23.ep6.el5.i386.rpm mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm mod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm mod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.i386.rpm mod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el5.i386.rpm mod_jk-manual-1.2.37-2.redhat_1.ep6.el5.i386.rpm mod_ssl-2.2.22-23.ep6.el5.i386.rpm tomcat-native-1.1.27-4.redhat_1.ep6.el5.i386.rpm tomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el5.i386.rpm
noarch: apache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.noarch.rpm apache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm apache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm dom4j-1.6.1-19.redhat_5.ep6.el5.noarch.rpm ecj3-3.7.2-6.redhat_1.ep6.el5.noarch.rpm mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm mod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm mod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm mod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm tomcat6-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-admin-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-docs-webapp-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-el-1.0-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-javadoc-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-lib-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-log4j-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat6-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm tomcat7-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-admin-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-docs-webapp-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-el-1.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-javadoc-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-jsp-2.2-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-lib-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-log4j-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-servlet-3.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm tomcat7-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm
x86_64: apache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm httpd-2.2.22-23.ep6.el5.x86_64.rpm httpd-debuginfo-2.2.22-23.ep6.el5.x86_64.rpm httpd-devel-2.2.22-23.ep6.el5.x86_64.rpm httpd-manual-2.2.22-23.ep6.el5.x86_64.rpm httpd-tools-2.2.22-23.ep6.el5.x86_64.rpm mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm mod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm mod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm mod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm mod_jk-manual-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm mod_ssl-2.2.22-23.ep6.el5.x86_64.rpm tomcat-native-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm tomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2012-3499.html https://www.redhat.com/security/data/cve/CVE-2012-3544.html https://www.redhat.com/security/data/cve/CVE-2012-4558.html https://www.redhat.com/security/data/cve/CVE-2013-2067.html https://www.redhat.com/security/data/cve/CVE-2013-2071.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/site/documentation/ https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFR1FtaXlSAg2UNWIIRAmppAJ9JqTKjlMUw+Fk2fJ3Q6odbYoA5igCfTW0J jc7eLnAzD5kw2nqSpKNb/Hc= =x+vm -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558 http://httpd.apache.org/security/vulnerabilities_22.html http://www.apache.org/dist/httpd/CHANGES_2.2.24 https://issues.apache.org/bugzilla/show_bug.cgi?id=53219
Updated Packages:
Mandriva Business Server 1/X86_64: 7509c635731abff8de4726b3f490a65a mbs1/x86_64/apache-2.2.24-1.mbs1.x86_64.rpm c8d15d2347a4186119c59fe34ac83314 mbs1/x86_64/apache-devel-2.2.24-1.mbs1.x86_64.rpm e128a1f644d5d96fe4ad08c25278af59 mbs1/x86_64/apache-doc-2.2.24-1.mbs1.noarch.rpm f1a8fa36a6f42d9e75570c497a338a21 mbs1/x86_64/apache-htcacheclean-2.2.24-1.mbs1.x86_64.rpm b3637ef4aec30f46cef5b4cb6c70fb16 mbs1/x86_64/apache-mod_authn_dbd-2.2.24-1.mbs1.x86_64.rpm 529da28cbb446db208c3416d57519c31 mbs1/x86_64/apache-mod_cache-2.2.24-1.mbs1.x86_64.rpm 19cbba7b984d375755ab152af36fa085 mbs1/x86_64/apache-mod_dav-2.2.24-1.mbs1.x86_64.rpm 1eccf69d4657a3dcc7e73d9fba4ab133 mbs1/x86_64/apache-mod_dbd-2.2.24-1.mbs1.x86_64.rpm 4cd7e5cddc596281e925e45acf9f2745 mbs1/x86_64/apache-mod_deflate-2.2.24-1.mbs1.x86_64.rpm 3336f3e2daf72b958e5dafb5212c3c33 mbs1/x86_64/apache-mod_disk_cache-2.2.24-1.mbs1.x86_64.rpm 7b7ed707bb38b26061d755b981551da2 mbs1/x86_64/apache-mod_file_cache-2.2.24-1.mbs1.x86_64.rpm ad7cc8bd814d6fe7123edcd911acd61e mbs1/x86_64/apache-mod_ldap-2.2.24-1.mbs1.x86_64.rpm ea30ba683d4a3c761424d85d127038e9 mbs1/x86_64/apache-mod_mem_cache-2.2.24-1.mbs1.x86_64.rpm 273dec6dcaa57765722bc617054f4326 mbs1/x86_64/apache-mod_proxy-2.2.24-1.mbs1.x86_64.rpm 1e2301a111dd7cef51544d46ee2fecd5 mbs1/x86_64/apache-mod_proxy_ajp-2.2.24-1.mbs1.x86_64.rpm bf87d20545719e432451c9af603acd26 mbs1/x86_64/apache-mod_proxy_scgi-2.2.24-1.mbs1.x86_64.rpm 884fb55f90be44415f9cf8a67d2c25bc mbs1/x86_64/apache-mod_reqtimeout-2.2.24-1.mbs1.x86_64.rpm ac91f11c0c7d4b15e30a7f08761a55db mbs1/x86_64/apache-mod_ssl-2.2.24-1.mbs1.x86_64.rpm aa3ee3fd0993015a3ad21af92db10cf3 mbs1/x86_64/apache-mod_suexec-2.2.24-1.mbs1.x86_64.rpm bc99a7d1879fff69044d1e0ab716f6d4 mbs1/x86_64/apache-mod_userdir-2.2.24-1.mbs1.x86_64.rpm 1ebcb5de0cdabdd483d03cd90b37e922 mbs1/x86_64/apache-mpm-event-2.2.24-1.mbs1.x86_64.rpm edd2a1509f2f4a0ef6db792db02d6d5f mbs1/x86_64/apache-mpm-itk-2.2.24-1.mbs1.x86_64.rpm 8f923499d4f47bd8de82621b15b7e2e0 mbs1/x86_64/apache-mpm-peruser-2.2.24-1.mbs1.x86_64.rpm de40119e6d0c18efcc5d42986bcbb92d mbs1/x86_64/apache-mpm-prefork-2.2.24-1.mbs1.x86_64.rpm 110746aad4564a1dba52be50c996c582 mbs1/x86_64/apache-mpm-worker-2.2.24-1.mbs1.x86_64.rpm a3d0a7163dbe01862ae830eac0ee81b8 mbs1/x86_64/apache-source-2.2.24-1.mbs1.noarch.rpm 509beb781e5871d20135d2407aa5cf07 mbs1/SRPMS/apache-2.2.24-1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03734195
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03734195 Version: 1
HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2013-04-15 Last Updated: 2013-04-12
Potential Security Impact: Remote Denial of Service (DoS), execution of arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities.
References: HP-UX Apache: CVE-2007-6750, CVE-2012-2687, CVE-2012-3499, CVE-2012-4557, CVE-2012 -4558, CVE-2012-4929 Tomcat v6.0 and v7.0: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.25 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-2687 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2012-2733 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-3499 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-3546 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-4431 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-4534 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6 CVE-2012-4557 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-4558 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-4929 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the vulnerability. The update for B.11.23 and B.11.31 is available for download from ftp://sb_02866:6hq{PM6a@ftp.usa.hp.com
Web Server Suite Version Apache Depot Name
HP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat B.5.5.36.01 HP-UX_11.23_HPUXWS22ATW-B326-11-23-64.depot
HP-UX_11.23_HPUXWS22ATW-B326-11-23-32.depot
HP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat C.6.0.36.01 HP-UX_11.31_HPUXWS22ATW-B326-11-31-64.depot
HP-UX_11.31_HPUXWS22ATW-B326-11-31-32.depot
Tomcat D.7.035.01 HP-UX_11.31_hpuxws22Tomcat_D.7.0.35.01_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.26 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.15.15 or subsequent
HP-UX B.11.31
hpuxws22TOMCAT.TOMCAT action: install revision C.6.0.36.01 or subsequent
HP-UX B.11.31
hpuxws22TOMCAT.TOMCAT action: install revision D.7.0.35.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 15 April 2013 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2012-4558)
A flaw was found in the way the mod_dav module handled merge requests. (CVE-2013-1896)
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially-crafted XML signature block. (CVE-2013-2172)
It was found that mod_rewrite did not filter terminal escape sequences from its log file. If a victim viewed the log file with a terminal emulator, it could result in arbitrary command execution with the privileges of that user. (CVE-2013-1862)
The data file used by PicketBox Vault to store encrypted passwords contains a copy of its own admin key. The file is encrypted using only this admin key, not the corresponding JKS key. A local attacker with permission to read the vault data file could read the admin key from the file, and use it to decrypt the file and read the stored passwords in clear text. This could be exploited to read diagnostic information (information disclosure) and attain limited remote code execution. Solution:
The References section of this erratum contains a download link (you must log in to download the update).
Here are the details from the Slackware 14.0 ChangeLog: +--------------------------+ patches/packages/httpd-2.4.4-i486-1_slack14.0.txz: Upgraded. This update provides bugfixes and enhancements. [Jim Jagielski, Stefan Fritsch, Niels Heinen ] * XSS in mod_proxy_balancer manager interface. [Jim Jagielski, Niels Heinen ] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 12.1: ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.24-i486-1_slack12.1.tgz
Updated package for Slackware 12.2: ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.24-i486-1_slack12.2.tgz
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.24-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.24-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.24-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.24-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.24-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.24-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.4-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.4-x86_64-1_slack14.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.4-i486-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.4-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 12.1 package: cdc26999b5fd2787f1eaef285dad47bc httpd-2.2.24-i486-1_slack12.1.tgz
Slackware 12.2 package: 7671b12ad7b163c1aba0fb7278349c0d httpd-2.2.24-i486-1_slack12.2.tgz
Slackware 13.0 package: 5ca815faf37f28c2e365f47643d7b9a4 httpd-2.2.24-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 715fa297d5451dafdbe1b296565b3a08 httpd-2.2.24-x86_64-1_slack13.0.txz
Slackware 13.1 package: 4246568ea7eada4c3c4dc6bd95464784 httpd-2.2.24-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 2ee64f87af8563132fccfe53e9f0f4c9 httpd-2.2.24-x86_64-1_slack13.1.txz
Slackware 13.37 package: 252c123e2a3c03aff1aa2112050de945 httpd-2.2.24-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 9a5fcc681c89c131478910d999e25170 httpd-2.2.24-x86_64-1_slack13.37.txz
Slackware 14.0 package: 32d6ffa35ea58aaf4d9e325b857c4e11 httpd-2.4.4-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 889197760474094bce962f900f5258b1 httpd-2.4.4-x86_64-1_slack14.0.txz
Slackware -current package: ae7a5606e6ec97ec74ab64bf7cde5c03 n/httpd-2.4.4-i486-1.txz
Slackware x86_64 -current package: 09c32bd3fef0741e0743c0590e72f9d2 n/httpd-2.4.4-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg httpd-2.4.4-i486-1_slack14.0.txz
Then, restart Apache httpd:
/etc/rc.d/rc.httpd stop
/etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update 2013-004
OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses the following:
Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in Apache Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24. CVE-ID CVE-2012-0883 CVE-2012-2687 CVE-2012-3499 CVE-2012-4558
Bind Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in BIND Description: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems. CVE-ID CVE-2012-3817 CVE-2012-4244 CVE-2012-5166 CVE-2012-5688 CVE-2013-2266
Certificate Trust Policy Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.
ClamAV Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5 Impact: Multiple vulnerabilities in ClamAV Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8. CVE-ID CVE-2013-2020 CVE-2013-2021
CoreGraphics Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team
ImageIO Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team
Installer Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Packages could be opened after certificate revocation Description: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package. CVE-ID CVE-2013-1027
IPSec Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: An attacker may intercept data protected with IPSec Hybrid Auth Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate. CVE-ID CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: A local network user may cause a denial of service Description: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check. CVE-ID CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.
Mobile Device Management Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Passwords may be disclosed to other local users Description: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe. CVE-ID CVE-2013-1030 : Per Olofsson at the University of Gothenburg
OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y. CVE-ID CVE-2012-2686 CVE-2013-0166 CVE-2013-0169
PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26. CVE-ID CVE-2013-1635 CVE-2013-1643 CVE-2013-1824 CVE-2013-2110
PostgreSQL Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Multiple vulnerabilities in PostgreSQL Description: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. This update addresses the issues by updating PostgreSQL to version 9.0.13. CVE-ID CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-1902 CVE-2013-1903
Power Management Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: The screen saver may not start after the specified time period Description: A power assertion lock issue existed. This issue was addressed through improved lock handling. CVE-ID CVE-2013-1031
QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1032 : Jason Kratzer working with iDefense VCP
Screen Lock Available for: OS X Mountain Lion v10.8 to v10.8.4 Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged in Description: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking. CVE-ID CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq
Note: OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.
OS X Mountain Lion v10.8.5 and Security Update 2013-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.5, or Security Update 2013-004.
For OS X Mountain Lion v10.8.4 The download file is named: OSXUpd10.8.5.dmg Its SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11
For OS X Mountain Lion v10.8 and v10.8.3 The download file is named: OSXUpdCombo10.8.5.dmg Its SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2
For OS X Lion v10.7.5 The download file is named: SecUpd2013-004.dmg Its SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0
For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-004.dmg Its SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355
For Mac OS X v10.6.8 The download file is named: SecUpd2013-004.dmg Its SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61
For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-004.dmg Its SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSMiPGAAoJEPefwLHPlZEw9qMP/17D4Q8velZ3H4AumPzHqqB4 QxPcuv8PXzhi55epUm2bzNfXR9A5L9KvzEsmggqxO2/ESO0zfeKgAmXXjCI3z5Qc +WkHgqowjwXU9cbjyDkhwb/ylXml+vCSIv2m9eXXNRTRi0rm9ZLSI/JMSRfLMojQ bZbzQSoSpuGaOeOOWESKCf9zBXFG6DBGo0wg3z8Bkywjtp/7bfddPAFHxIdhjDDN 1IgmhPRnP6NEdNSfR6RwF94M+hyiJ2I2DIDZTIo+6B4Ne90bEYdBiQmSxwKFAyc3 H9VFfB8XmrtA2k4DhE6Ow2jD/Y//QKz6TbyZNSQawXxuPsj43v6/T6BsWdfddGbQ hDGU85e7z7a4gmIPuS3DjMhSEyAixL/B3vKYBaZltH6JBCcPuLvGrU7nAiJa7KGQ 8MToOyv42TSj95drFzysk5fcO0MIUH5xiGlaU+ScEdBSpIpHDfpjeJYPqxHeGFaa V2xCGw1vMYbMoxNzRL0FPPdUxJkyBHvuzZXh6c6fATuQIPCtwejpPrYEo7x7RRpl ytsVLe3V27j7IfWb62nI+mNVfH5m+YgK4SGK5DSq8Nm1Lk0w4HXmTtrhOCogsJ2I yoqeg/XakiSdxZxhSa9/ZZsMB+D1B8siNzCj0+U0k4zYjxEA0GdSu/dYRVT62oIn vBrJ5gm+nnyRe2TUMAwz =h9hc -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-1765-1 March 18, 2013
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. (CVE-2012-4557)
It was discovered that the apache2ctl script shipped in Ubuntu packages incorrectly created the lock directory. A local attacker could possibly use this issue to gain privileges. The symlink protections in Ubuntu 11.10 and later should reduce this vulnerability to a denial of service. (CVE-2013-1048)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: apache2.2-common 2.2.22-6ubuntu2.2
Ubuntu 12.04 LTS: apache2.2-common 2.2.22-1ubuntu1.3
Ubuntu 11.10: apache2.2-common 2.2.20-1ubuntu1.4
Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.11
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.25
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.8,
"vendor": "hitachi",
"version": "08-00-01"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.17"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.21"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.4.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.20"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.18"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.23"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.22"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.4.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.2.19"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "07-00-06"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "07-00-03"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- custom edition"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.4.4"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.5"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- security enhancement"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"_id": null,
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage web server express",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.24-dev"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v8.5"
},
{
"_id": null,
"model": "fusion middleware",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "of oracle forms reports 11.1.2.1"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.1.6.0"
},
{
"_id": null,
"model": "webotx enterprise service bus",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v8.5"
},
{
"_id": null,
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.x"
},
{
"_id": null,
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "11.1.1.7.0"
},
{
"_id": null,
"model": "systemwalker resource coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard v8.2 to v8.5"
},
{
"_id": null,
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "2.4.x"
},
{
"_id": null,
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"_id": null,
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v8.5"
},
{
"_id": null,
"model": "cosminexus http server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"_id": null,
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "webotx portal",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v8.2 to v8.4"
},
{
"_id": null,
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.8 to v10.8.4"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.8"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"_id": null,
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"_id": null,
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.7.5"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-08"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus application server 06-71-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-09"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00-02"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/c",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-10-06"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/d",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-00-10"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "07-03-02"
},
{
"_id": null,
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition l11",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "5"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-05"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus service platform messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/i",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "web server aix",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-02"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-02"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-12"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-00"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-02"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus developer 06-71-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-60"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
},
{
"_id": null,
"model": "ucosminexus developer 06-70-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-53"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/e",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.7"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-02"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10"
},
{
"_id": null,
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.4.2"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "ucosminexus application server 06-71-/c",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-10-01"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-03-03"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "web server 01-02-/d",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-01"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "interstage business application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-10"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00-01"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20-01"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/j",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "ucosminexus application server 06-70-/d (windows",
"scope": null,
"trust": 0.3,
"vendor": "hitachi",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "08-50"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-00"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50-09"
},
{
"_id": null,
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"_id": null,
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-50"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "07-20"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "os/400 v6r1m0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "5.0"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "8"
},
{
"_id": null,
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "7"
}
],
"sources": [
{
"db": "BID",
"id": "58165"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
},
{
"db": "NVD",
"id": "CVE-2012-3499"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:fusion_middleware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:oracle:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_portal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
}
]
},
"credits": {
"_id": null,
"data": "IBM",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
}
],
"trust": 0.6
},
"cve": "CVE-2012-3499",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-3499",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-3499",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-3499",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201302-520",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2012-3499",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-3499"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
},
{
"db": "NVD",
"id": "CVE-2012-3499"
}
]
},
"description": {
"_id": null,
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. \nAn attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nApache HTTP Server versions prior to 2.4.4 are vulnerable. \n\nCVE-2012-3499\n\n The modules mod_info, mod_status, mod_imagemap, mod_ldap, and\n mod_proxy_ftp did not properly escape hostnames and URIs in\n HTML output, causing cross site scripting vulnerabilities. \n\nCVE-2012-4558\n\n Mod_proxy_balancer did not properly escape hostnames and URIs\n in its balancer-manager interface, causing a cross site scripting\n vulnerability. \n\nCVE-2013-1048\n\n Hayawardh Vijayakumar noticed that the apache2ctl script created\n the lock directory in an unsafe manner, allowing a local attacker\n to gain elevated privileges via a symlink attack. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.2.16-6+squeeze11. \n\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-13. \n\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.2.22-13. \n\nWe recommend that you upgrade your apache2 packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Web Server 2.0.1 update\nAdvisory ID: RHSA-2013:1011-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2013-1011.html\nIssue date: 2013-07-03\nCVE Names: CVE-2012-3499 CVE-2012-3544 CVE-2012-4558 \n CVE-2013-2067 CVE-2013-2071 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Web Server 2.0.1, which fixes multiple security issues and\nseveral bugs, is now available for Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 2 for RHEL 5 Server - i386, noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nThis release serves as a replacement for Red Hat JBoss Web Server 2.0.0,\nand includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1\nRelease Notes for information on the most significant of these changes,\navailable shortly from https://access.redhat.com/site/documentation/\n\nThe following security issues are also fixed with this release:\n\nCross-site scripting (XSS) flaws were found in the Apache HTTP Server\nmod_proxy_balancer module\u0027s manager web interface. An\nattacker could possibly use these flaws to perform XSS attacks if they were\nable to make the victim\u0027s browser generate an HTTP request with a\nspecially-crafted Host header. (CVE-2012-3499)\n\nA session fixation flaw was found in the Tomcat FormAuthenticator module. \nDuring a narrow window of time, if a remote attacker sent requests while a\nuser was logging in, it could possibly result in the attacker\u0027s requests\nbeing processed as if they were sent by the user. (CVE-2013-2067)\n\nA denial of service flaw was found in the way the Tomcat chunked transfer\nencoding input filter processed CRLF sequences. A remote attacker could\nuse this flaw to send an excessively long request, consuming network\nbandwidth, CPU, and memory on the Tomcat server. Chunked transfer encoding\nis enabled by default. (CVE-2012-3544)\n\nA flaw was found in the way the Tomcat 7 asynchronous context\nimplementation performed request management in certain circumstances. If an\napplication used AsyncListeners and threw RuntimeExceptions, Tomcat could\nsend a reply that contains information from a different user\u0027s request,\npossibly leading to the disclosure of sensitive information. This issue\nonly affected Tomcat 7. (CVE-2013-2071)\n\nNote: Do not install Red Hat JBoss Web Server 2 on a host which has Red Hat\nJBoss Web Server 1 installed. \n\nWarning: Before applying the update, back up your existing Red Hat JBoss\nWeb Server installation (including all applications and configuration\nfiles). \n\nAll users of Red Hat JBoss Web Server 2.0.0 on Red Hat Enterprise Linux 5\nare advised to upgrade to Red Hat JBoss Web Server 2.0.1. The JBoss server\nprocess must be restarted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames\n915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface\n961779 - CVE-2013-2067 tomcat: Session fixation in form authenticator\n961783 - CVE-2012-3544 tomcat: Limited DoS in chunked transfer encoding input filter\n961803 - CVE-2013-2071 tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions\n\n6. Package List:\n\nRed Hat JBoss Web Server 2 for RHEL 5 Server:\n\nSource:\napache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.src.rpm\napache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.src.rpm\napache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.src.rpm\ndom4j-1.6.1-19.redhat_5.ep6.el5.src.rpm\necj3-3.7.2-6.redhat_1.ep6.el5.src.rpm\nhttpd-2.2.22-23.ep6.el5.src.rpm\nmod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.src.rpm\nmod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.src.rpm\nmod_jk-1.2.37-2.redhat_1.ep6.el5.src.rpm\ntomcat-native-1.1.27-4.redhat_1.ep6.el5.src.rpm\ntomcat6-6.0.37-8_patch_01.ep6.el5.src.rpm\ntomcat7-7.0.40-9_patch_01.ep6.el5.src.rpm\n\ni386:\napache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.i386.rpm\napache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el5.i386.rpm\nhttpd-2.2.22-23.ep6.el5.i386.rpm\nhttpd-debuginfo-2.2.22-23.ep6.el5.i386.rpm\nhttpd-devel-2.2.22-23.ep6.el5.i386.rpm\nhttpd-manual-2.2.22-23.ep6.el5.i386.rpm\nhttpd-tools-2.2.22-23.ep6.el5.i386.rpm\nmod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm\nmod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el5.i386.rpm\nmod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.i386.rpm\nmod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el5.i386.rpm\nmod_jk-manual-1.2.37-2.redhat_1.ep6.el5.i386.rpm\nmod_ssl-2.2.22-23.ep6.el5.i386.rpm\ntomcat-native-1.1.27-4.redhat_1.ep6.el5.i386.rpm\ntomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el5.i386.rpm\n\nnoarch:\napache-commons-daemon-eap6-1.0.15-4.redhat_1.ep6.el5.noarch.rpm\napache-commons-pool-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm\napache-commons-pool-tomcat-eap6-1.6-6.redhat_4.ep6.el5.noarch.rpm\ndom4j-1.6.1-19.redhat_5.ep6.el5.noarch.rpm\necj3-3.7.2-6.redhat_1.ep6.el5.noarch.rpm\nmod_cluster-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm\nmod_cluster-demo-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm\nmod_cluster-tomcat6-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm\nmod_cluster-tomcat7-1.2.4-1.Final_redhat_1.ep6.el5.noarch.rpm\ntomcat6-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-admin-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-docs-webapp-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-el-1.0-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-javadoc-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-lib-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-log4j-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat6-webapps-6.0.37-8_patch_01.ep6.el5.noarch.rpm\ntomcat7-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-admin-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-docs-webapp-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-el-1.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-javadoc-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-lib-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-log4j-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.40-9_patch_01.ep6.el5.noarch.rpm\ntomcat7-webapps-7.0.40-9_patch_01.ep6.el5.noarch.rpm\n\nx86_64:\napache-commons-daemon-jsvc-eap6-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm\napache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-1.redhat_1.ep6.el5.x86_64.rpm\nhttpd-2.2.22-23.ep6.el5.x86_64.rpm\nhttpd-debuginfo-2.2.22-23.ep6.el5.x86_64.rpm\nhttpd-devel-2.2.22-23.ep6.el5.x86_64.rpm\nhttpd-manual-2.2.22-23.ep6.el5.x86_64.rpm\nhttpd-tools-2.2.22-23.ep6.el5.x86_64.rpm\nmod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm\nmod_cluster-native-debuginfo-1.2.4-1.Final.redhat_1.ep6.el5.x86_64.rpm\nmod_jk-ap22-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm\nmod_jk-debuginfo-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm\nmod_jk-manual-1.2.37-2.redhat_1.ep6.el5.x86_64.rpm\nmod_ssl-2.2.22-23.ep6.el5.x86_64.rpm\ntomcat-native-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm\ntomcat-native-debuginfo-1.1.27-4.redhat_1.ep6.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-3499.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-3544.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-4558.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2067.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2071.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/site/documentation/\nhttps://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Web_Server/2/html-single/Installation_Guide/index.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2013 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFR1FtaXlSAg2UNWIIRAmppAJ9JqTKjlMUw+Fk2fJ3Q6odbYoA5igCfTW0J\njc7eLnAzD5kw2nqSpKNb/Hc=\n=x+vm\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n Additionally the ASF bug 53219 was resolved which provides a way\n to mitigate the CRIME attack vulnerability by disabling TLS-level\n compression. Use the new directive SSLCompression on|off to enable or\n disable TLS-level compression, by default SSLCompression is turned on. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558\n http://httpd.apache.org/security/vulnerabilities_22.html\n http://www.apache.org/dist/httpd/CHANGES_2.2.24\n https://issues.apache.org/bugzilla/show_bug.cgi?id=53219\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 7509c635731abff8de4726b3f490a65a mbs1/x86_64/apache-2.2.24-1.mbs1.x86_64.rpm\n c8d15d2347a4186119c59fe34ac83314 mbs1/x86_64/apache-devel-2.2.24-1.mbs1.x86_64.rpm\n e128a1f644d5d96fe4ad08c25278af59 mbs1/x86_64/apache-doc-2.2.24-1.mbs1.noarch.rpm\n f1a8fa36a6f42d9e75570c497a338a21 mbs1/x86_64/apache-htcacheclean-2.2.24-1.mbs1.x86_64.rpm\n b3637ef4aec30f46cef5b4cb6c70fb16 mbs1/x86_64/apache-mod_authn_dbd-2.2.24-1.mbs1.x86_64.rpm\n 529da28cbb446db208c3416d57519c31 mbs1/x86_64/apache-mod_cache-2.2.24-1.mbs1.x86_64.rpm\n 19cbba7b984d375755ab152af36fa085 mbs1/x86_64/apache-mod_dav-2.2.24-1.mbs1.x86_64.rpm\n 1eccf69d4657a3dcc7e73d9fba4ab133 mbs1/x86_64/apache-mod_dbd-2.2.24-1.mbs1.x86_64.rpm\n 4cd7e5cddc596281e925e45acf9f2745 mbs1/x86_64/apache-mod_deflate-2.2.24-1.mbs1.x86_64.rpm\n 3336f3e2daf72b958e5dafb5212c3c33 mbs1/x86_64/apache-mod_disk_cache-2.2.24-1.mbs1.x86_64.rpm\n 7b7ed707bb38b26061d755b981551da2 mbs1/x86_64/apache-mod_file_cache-2.2.24-1.mbs1.x86_64.rpm\n ad7cc8bd814d6fe7123edcd911acd61e mbs1/x86_64/apache-mod_ldap-2.2.24-1.mbs1.x86_64.rpm\n ea30ba683d4a3c761424d85d127038e9 mbs1/x86_64/apache-mod_mem_cache-2.2.24-1.mbs1.x86_64.rpm\n 273dec6dcaa57765722bc617054f4326 mbs1/x86_64/apache-mod_proxy-2.2.24-1.mbs1.x86_64.rpm\n 1e2301a111dd7cef51544d46ee2fecd5 mbs1/x86_64/apache-mod_proxy_ajp-2.2.24-1.mbs1.x86_64.rpm\n bf87d20545719e432451c9af603acd26 mbs1/x86_64/apache-mod_proxy_scgi-2.2.24-1.mbs1.x86_64.rpm\n 884fb55f90be44415f9cf8a67d2c25bc mbs1/x86_64/apache-mod_reqtimeout-2.2.24-1.mbs1.x86_64.rpm\n ac91f11c0c7d4b15e30a7f08761a55db mbs1/x86_64/apache-mod_ssl-2.2.24-1.mbs1.x86_64.rpm\n aa3ee3fd0993015a3ad21af92db10cf3 mbs1/x86_64/apache-mod_suexec-2.2.24-1.mbs1.x86_64.rpm\n bc99a7d1879fff69044d1e0ab716f6d4 mbs1/x86_64/apache-mod_userdir-2.2.24-1.mbs1.x86_64.rpm\n 1ebcb5de0cdabdd483d03cd90b37e922 mbs1/x86_64/apache-mpm-event-2.2.24-1.mbs1.x86_64.rpm\n edd2a1509f2f4a0ef6db792db02d6d5f mbs1/x86_64/apache-mpm-itk-2.2.24-1.mbs1.x86_64.rpm\n 8f923499d4f47bd8de82621b15b7e2e0 mbs1/x86_64/apache-mpm-peruser-2.2.24-1.mbs1.x86_64.rpm\n de40119e6d0c18efcc5d42986bcbb92d mbs1/x86_64/apache-mpm-prefork-2.2.24-1.mbs1.x86_64.rpm\n 110746aad4564a1dba52be50c996c582 mbs1/x86_64/apache-mpm-worker-2.2.24-1.mbs1.x86_64.rpm\n a3d0a7163dbe01862ae830eac0ee81b8 mbs1/x86_64/apache-source-2.2.24-1.mbs1.noarch.rpm \n 509beb781e5871d20135d2407aa5cf07 mbs1/SRPMS/apache-2.2.24-1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03734195\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03734195\nVersion: 1\n\nHPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service\n(DoS), Execution of Arbitrary Code and other vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2013-04-15\nLast Updated: 2013-04-12\n\nPotential Security Impact: Remote Denial of Service (DoS), execution of\narbitrary code and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Running\nApache. These vulnerabilities could be exploited remotely to create a Denial\nof Service (DoS) or to execute arbitrary code and other vulnerabilities. \n\nReferences: HP-UX Apache: CVE-2007-6750, CVE-2012-2687, CVE-2012-3499,\nCVE-2012-4557, CVE-2012 -4558, CVE-2012-4929\nTomcat v6.0 and v7.0: CVE-2012-2733, CVE-2012-3546, CVE-2012-4431,\nCVE-2012-4534, CVE-2012-5885\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.25 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2007-6750 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-2687 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\nCVE-2012-2733 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-3499 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-3546 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-4431 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-4534 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6\nCVE-2012-4557 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-4558 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-4929 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6\nCVE-2012-5885 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerability. \nThe update for B.11.23 and B.11.31 is available for download from\nftp://sb_02866:6hq{PM6a@ftp.usa.hp.com\n\nWeb Server Suite Version\n Apache Depot Name\n\nHP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat\nB.5.5.36.01\n HP-UX_11.23_HPUXWS22ATW-B326-11-23-64.depot\n\nHP-UX_11.23_HPUXWS22ATW-B326-11-23-32.depot\n\nHP-UX Web Server Suite v.3.26 containing Apache v2.2.15.15 and Tomcat\nC.6.0.36.01\n HP-UX_11.31_HPUXWS22ATW-B326-11-31-64.depot\n\nHP-UX_11.31_HPUXWS22ATW-B326-11-31-32.depot\n\nTomcat D.7.035.01\n HP-UX_11.31_hpuxws22Tomcat_D.7.0.35.01_HP-UX_B.11.31_IA_PA.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.26 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\naction: install revision B.2.2.15.15 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision C.6.0.36.01 or subsequent\n\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision D.7.0.35.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 15 April 2013 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2013 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. (CVE-2012-4558)\n\nA flaw was found in the way the mod_dav module handled merge requests. (CVE-2013-1896)\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially-crafted XML signature block. (CVE-2013-2172)\n\nIt was found that mod_rewrite did not filter terminal escape sequences from\nits log file. If a victim viewed\nthe log file with a terminal emulator, it could result in arbitrary command\nexecution with the privileges of that user. (CVE-2013-1862)\n\nThe data file used by PicketBox Vault to store encrypted passwords contains\na copy of its own admin key. The file is encrypted using only this admin\nkey, not the corresponding JKS key. A local attacker with permission to\nread the vault data file could read the admin key from the file, and use it\nto decrypt the file and read the stored passwords in clear text. This could be exploited to read diagnostic information\n(information disclosure) and attain limited remote code execution. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n\nHere are the details from the Slackware 14.0 ChangeLog:\n+--------------------------+\npatches/packages/httpd-2.4.4-i486-1_slack14.0.txz: Upgraded. \n This update provides bugfixes and enhancements. \n [Jim Jagielski, Stefan Fritsch, Niels Heinen \u003cheinenn google com\u003e]\n * XSS in mod_proxy_balancer manager interface. [Jim Jagielski,\n Niels Heinen \u003cheinenn google com\u003e]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/httpd-2.2.24-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.24-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/httpd-2.2.24-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.24-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.24-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/httpd-2.2.24-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/httpd-2.2.24-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/httpd-2.2.24-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.4-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.4-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.4-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.4-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 12.1 package:\ncdc26999b5fd2787f1eaef285dad47bc httpd-2.2.24-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n7671b12ad7b163c1aba0fb7278349c0d httpd-2.2.24-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n5ca815faf37f28c2e365f47643d7b9a4 httpd-2.2.24-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n715fa297d5451dafdbe1b296565b3a08 httpd-2.2.24-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n4246568ea7eada4c3c4dc6bd95464784 httpd-2.2.24-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2ee64f87af8563132fccfe53e9f0f4c9 httpd-2.2.24-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n252c123e2a3c03aff1aa2112050de945 httpd-2.2.24-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n9a5fcc681c89c131478910d999e25170 httpd-2.2.24-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n32d6ffa35ea58aaf4d9e325b857c4e11 httpd-2.4.4-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n889197760474094bce962f900f5258b1 httpd-2.4.4-x86_64-1_slack14.0.txz\n\nSlackware -current package:\nae7a5606e6ec97ec74ab64bf7cde5c03 n/httpd-2.4.4-i486-1.txz\n\nSlackware x86_64 -current package:\n09c32bd3fef0741e0743c0590e72f9d2 n/httpd-2.4.4-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg httpd-2.4.4-i486-1_slack14.0.txz\n\nThen, restart Apache httpd:\n\n# /etc/rc.d/rc.httpd stop\n# /etc/rc.d/rc.httpd start\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2013-09-12-1 OS X Mountain Lion v10.8.5 and Security Update\n2013-004\n\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 is now\navailable and addresses the following:\n\nApache\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in Apache\nDescription: Multiple vulnerabilities existed in Apache, the most\nserious of which may lead to cross-site scripting. These issues were\naddressed by updating Apache to version 2.2.24. \nCVE-ID\nCVE-2012-0883\nCVE-2012-2687\nCVE-2012-3499\nCVE-2012-4558\n\nBind\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in BIND\nDescription: Multiple vulnerabilities existed in BIND, the most\nserious of which may lead to a denial of service. These issues were\naddressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not\naffect Mac OS X v10.7 systems. \nCVE-ID\nCVE-2012-3817\nCVE-2012-4244\nCVE-2012-5166\nCVE-2012-5688\nCVE-2013-2266\n\nCertificate Trust Policy\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Root certificates have been updated\nDescription: Several certificates were added to or removed from the\nlist of system roots. The complete list of recognized system roots\nmay be viewed via the Keychain Access application. \n\nClamAV\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5\nImpact: Multiple vulnerabilities in ClamAV\nDescription: Multiple vulnerabilities exist in ClamAV, the most\nserious of which may lead to arbitrary code execution. This update\naddresses the issues by updating ClamAV to version 0.97.8. \nCVE-ID\nCVE-2013-2020\nCVE-2013-2021\n\nCoreGraphics\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JBIG2\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1025 : Felix Groebert of the Google Security Team\n\nImageIO\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in the handling of JPEG2000\nencoded data in PDF files. This issue was addressed through\nadditional bounds checking. \nCVE-ID\nCVE-2013-1026 : Felix Groebert of the Google Security Team\n\nInstaller\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Packages could be opened after certificate revocation\nDescription: When Installer encountered a revoked certificate, it\nwould present a dialog with an option to continue. The issue was\naddressed by removing the dialog and refusing any revoked package. \nCVE-ID\nCVE-2013-1027\n\nIPSec\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: An attacker may intercept data protected with IPSec Hybrid\nAuth\nDescription: The DNS name of an IPSec Hybrid Auth server was not\nbeing matched against the certificate, allowing an attacker with a\ncertificate for any server to impersonate any other. This issue was\naddressed by properly checking the certificate. \nCVE-ID\nCVE-2013-1028 : Alexander Traud of www.traud.de\n\nKernel\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: A local network user may cause a denial of service\nDescription: An incorrect check in the IGMP packet parsing code in\nthe kernel allowed a user who could send IGMP packets to the system\nto cause a kernel panic. The issue was addressed by removing the\ncheck. \nCVE-ID\nCVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC. \n\nMobile Device Management\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Passwords may be disclosed to other local users\nDescription: A password was passed on the command-line to mdmclient,\nwhich made it visible to other users on the same system. The issue\nwas addressed by communicating the password through a pipe. \nCVE-ID\nCVE-2013-1030 : Per Olofsson at the University of Gothenburg\n\nOpenSSL\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in OpenSSL\nDescription: Multiple vulnerabilities existed in OpenSSL, the most\nserious of which may lead to disclosure of user data. These issues\nwere addressed by updating OpenSSL to version 0.9.8y. \nCVE-ID\nCVE-2012-2686\nCVE-2013-0166\nCVE-2013-0169\n\nPHP\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP, the most\nserious of which may lead to arbitrary code execution. These issues\nwere addressed by updating PHP to version 5.3.26. \nCVE-ID\nCVE-2013-1635\nCVE-2013-1643\nCVE-2013-1824\nCVE-2013-2110\n\nPostgreSQL\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Multiple vulnerabilities in PostgreSQL\nDescription: Multiple vulnerabilities exist in PostgreSQL, the most\nserious of which may lead to data corruption or privilege escalation. \nThis update addresses the issues by updating PostgreSQL to version\n9.0.13. \nCVE-ID\nCVE-2013-1899\nCVE-2013-1900\nCVE-2013-1901\nCVE-2013-1902\nCVE-2013-1903\n\nPower Management\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: The screen saver may not start after the specified time\nperiod\nDescription: A power assertion lock issue existed. This issue was\naddressed through improved lock handling. \nCVE-ID\nCVE-2013-1031\n\nQuickTime\nAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,\nOS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8 to v10.8.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the handling of\n\u0027idsc\u0027 atoms in QuickTime movie files. This issue was addressed\nthrough additional bounds checking. \nCVE-ID\nCVE-2013-1032 : Jason Kratzer working with iDefense VCP\n\nScreen Lock\nAvailable for: OS X Mountain Lion v10.8 to v10.8.4\nImpact: A user with screen sharing access may be able to bypass the\nscreen lock when another user is logged in\nDescription: A session management issue existed in the screen lock\u0027s\nhandling of screen sharing sessions. This issue was addressed through\nimproved session tracking. \nCVE-ID\nCVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sebastien Stormacq\n\nNote: OS X Mountain Lion v10.8.5 also addresses an issue where\ncertain Unicode strings could cause applications to unexpectedly\nterminate. \n\n\nOS X Mountain Lion v10.8.5 and Security Update 2013-004 may be\nobtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nOS X Mountain Lion v10.8.5, or Security Update\n2013-004. \n\nFor OS X Mountain Lion v10.8.4\nThe download file is named: OSXUpd10.8.5.dmg\nIts SHA-1 digest is: a74ab6d9501778437e7afba0bbed47b776a52b11\n\nFor OS X Mountain Lion v10.8 and v10.8.3\nThe download file is named: OSXUpdCombo10.8.5.dmg\nIts SHA-1 digest is: cb798ac9b97ceb2d8875af040ce4ff06187d61f2\n\nFor OS X Lion v10.7.5\nThe download file is named: SecUpd2013-004.dmg\nIts SHA-1 digest is: dbc50fce7070f83b93b866a21b8f5c6e65007fa0\n\nFor OS X Lion Server v10.7.5\nThe download file is named: SecUpdSrvr2013-004.dmg\nIts SHA-1 digest is: 44a77edbd37732b865bc21a9aac443a3cdc47355\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2013-004.dmg\nIts SHA-1 digest is: d07d5142a2549270f0d2eaddb262b41bb5c16b61\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2013-004.dmg\nIts SHA-1 digest is: 8f9abe93f7f9427cf86b89bd67df948a85537dbc\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJSMiPGAAoJEPefwLHPlZEw9qMP/17D4Q8velZ3H4AumPzHqqB4\nQxPcuv8PXzhi55epUm2bzNfXR9A5L9KvzEsmggqxO2/ESO0zfeKgAmXXjCI3z5Qc\n+WkHgqowjwXU9cbjyDkhwb/ylXml+vCSIv2m9eXXNRTRi0rm9ZLSI/JMSRfLMojQ\nbZbzQSoSpuGaOeOOWESKCf9zBXFG6DBGo0wg3z8Bkywjtp/7bfddPAFHxIdhjDDN\n1IgmhPRnP6NEdNSfR6RwF94M+hyiJ2I2DIDZTIo+6B4Ne90bEYdBiQmSxwKFAyc3\nH9VFfB8XmrtA2k4DhE6Ow2jD/Y//QKz6TbyZNSQawXxuPsj43v6/T6BsWdfddGbQ\nhDGU85e7z7a4gmIPuS3DjMhSEyAixL/B3vKYBaZltH6JBCcPuLvGrU7nAiJa7KGQ\n8MToOyv42TSj95drFzysk5fcO0MIUH5xiGlaU+ScEdBSpIpHDfpjeJYPqxHeGFaa\nV2xCGw1vMYbMoxNzRL0FPPdUxJkyBHvuzZXh6c6fATuQIPCtwejpPrYEo7x7RRpl\nytsVLe3V27j7IfWb62nI+mNVfH5m+YgK4SGK5DSq8Nm1Lk0w4HXmTtrhOCogsJ2I\nyoqeg/XakiSdxZxhSa9/ZZsMB+D1B8siNzCj0+U0k4zYjxEA0GdSu/dYRVT62oIn\nvBrJ5gm+nnyRe2TUMAwz\n=h9hc\n-----END PGP SIGNATURE-----\n. ============================================================================\nUbuntu Security Notice USN-1765-1\nMarch 18, 2013\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output during a\ncrafted server request, a remote attacker could exploit this to modify the\ncontents, or steal confidential data (such as passwords), within the same\ndomain. A remote attacker could use this issue to cause the server to stop\nresponding, resulting in a denial of service. This issue only applied to\nUbuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. (CVE-2012-4557)\n\nIt was discovered that the apache2ctl script shipped in Ubuntu packages\nincorrectly created the lock directory. A local attacker could possibly use\nthis issue to gain privileges. The symlink protections in Ubuntu 11.10 and\nlater should reduce this vulnerability to a denial of service. \n(CVE-2013-1048)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.10:\n apache2.2-common 2.2.22-6ubuntu2.2\n\nUbuntu 12.04 LTS:\n apache2.2-common 2.2.22-1ubuntu1.3\n\nUbuntu 11.10:\n apache2.2-common 2.2.20-1ubuntu1.4\n\nUbuntu 10.04 LTS:\n apache2.2-common 2.2.14-5ubuntu8.11\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.25\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-3499"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
},
{
"db": "BID",
"id": "58165"
},
{
"db": "VULMON",
"id": "CVE-2012-3499"
},
{
"db": "PACKETSTORM",
"id": "120641"
},
{
"db": "PACKETSTORM",
"id": "122271"
},
{
"db": "PACKETSTORM",
"id": "121076"
},
{
"db": "PACKETSTORM",
"id": "121319"
},
{
"db": "PACKETSTORM",
"id": "123090"
},
{
"db": "PACKETSTORM",
"id": "120625"
},
{
"db": "PACKETSTORM",
"id": "123228"
},
{
"db": "PACKETSTORM",
"id": "120852"
}
],
"trust": 2.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2012-3499",
"trust": 3.6
},
{
"db": "BID",
"id": "58165",
"trust": 1.9
},
{
"db": "BID",
"id": "64758",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "55032",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2012-3499",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120641",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "122271",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "121319",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123090",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120625",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123228",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "120852",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-3499"
},
{
"db": "BID",
"id": "58165"
},
{
"db": "PACKETSTORM",
"id": "120641"
},
{
"db": "PACKETSTORM",
"id": "122271"
},
{
"db": "PACKETSTORM",
"id": "121076"
},
{
"db": "PACKETSTORM",
"id": "121319"
},
{
"db": "PACKETSTORM",
"id": "123090"
},
{
"db": "PACKETSTORM",
"id": "120625"
},
{
"db": "PACKETSTORM",
"id": "123228"
},
{
"db": "PACKETSTORM",
"id": "120852"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
},
{
"db": "NVD",
"id": "CVE-2012-3499"
}
]
},
"id": "VAR-201302-0021",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1915078275
},
"last_update_date": "2026-03-09T21:46:56.475000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 2.2.4",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"title": "Fixed in Apache httpd 2.4.4",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Diff of /httpd/httpd/trunk/modules/mappers/mod_imagemap.c",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480\u0026r2=1413732\u0026diff_format=h"
},
{
"title": "Diff of /httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766\u0026r2=1418752\u0026diff_format=h"
},
{
"title": "Diff of /httpd/httpd/trunk/modules/generators/mod_status.c",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564\u0026r2=1413732\u0026diff_format=h"
},
{
"title": "Diff of /httpd/httpd/trunk/modules/generators/mod_info.c",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799\u0026r2=1413732\u0026diff_format=h"
},
{
"title": "Diff of /httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625\u0026r2=1413732\u0026diff_format=h"
},
{
"title": "APPLE-SA-2013-09-12-1",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"title": "HT5880",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5880"
},
{
"title": "HT5880",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5880?viewlocale=ja_JP"
},
{
"title": "DSA-2637",
"trust": 0.8,
"url": "http://www.debian.org/security/2013/dsa-2637"
},
{
"title": "HS13-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-007/index.html"
},
{
"title": "NV16-014",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv16-014.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014verbose-1972951.html"
},
{
"title": "RHSA-2013:1208",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"title": "RHSA-2013:1209",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"title": "RHSA-2013:0815",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-0815.html"
},
{
"title": "RHSA-2013:1207",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"title": "Multiple vulnerabilities in Apache HTTP Server_4",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4"
},
{
"title": "January 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2014_critical_patch_update"
},
{
"title": "Multiple Cross Site Scripting vulnerabilities in Apache HTTP server",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_vulnerabilities"
},
{
"title": "Multiple vulnerabilities in Apache HTTP Server",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http3"
},
{
"title": "HS13-007",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-007/index.html"
},
{
"title": "Interstage HTTP Server (CVE-2011-3607/ CVE-2012-3499/ CVE-2012-2687/ CVE-2013-1862)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201303.html"
},
{
"title": "httpd-2.2.24",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45670"
},
{
"title": "httpd-2.4.4",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45669"
},
{
"title": "httpd-2.0.64",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45671"
},
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20130815 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131207 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131208 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1765-1"
},
{
"title": "Debian Security Advisories: DSA-2637-1 apache2 -- several issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5b59a8990611863d58c999964c6e6ddd"
},
{
"title": "Amazon Linux AMI: ALAS-2013-175",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-175"
},
{
"title": "Amazon Linux AMI: ALAS-2013-193",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-193"
},
{
"title": "Amazon Linux AMI: ALAS-2013-174",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-174"
},
{
"title": "Amazon Linux AMI: ALAS-2013-194",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2013-194"
},
{
"title": "vuln-checker",
"trust": 0.1,
"url": "https://github.com/mattfoster/vuln-checker "
},
{
"title": "Pentest-Cheetsheet",
"trust": 0.1,
"url": "https://github.com/MrFrozenPepe/Pentest-Cheetsheet "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "DC-1-Vulnhub-Walkthrough",
"trust": 0.1,
"url": "https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough "
},
{
"title": "pigat",
"trust": 0.1,
"url": "https://github.com/teamssix/pigat "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-3499"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
},
{
"db": "NVD",
"id": "CVE-2012-3499"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1209.html"
},
{
"trust": 1.6,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00002.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2013/dsa-2637"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=136612293908376\u0026w=2"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/64758"
},
{
"trust": 1.6,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-april/101196.html"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht5880"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/58165"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19312"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1207.html"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2013-0815.html"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/55032"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2013-1208.html"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"trust": 1.1,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3499"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766\u0026r2=1418752\u0026diff_format=h"
},
{
"trust": 1.0,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3499"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4558"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3499"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 0.6,
"url": "http://svn.apache.org/viewvc/"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/generators/mod_info.c?r1=1225799\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766\u0026r2=1418752\u0026diff_format=h"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/generators/mod_status.c?r1=1389564\u0026r2=1413732\u0026diff_format=h"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs."
},
{
"trust": 0.3,
"url": "http://www-4.ibm.com/software/webservers/httpservers/download.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1048"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3499.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2012-4558.html"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/site/documentation/"
},
{
"trust": 0.2,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4558"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4557"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2687"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-3544.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/jboss_enterprise_web_server/2/html-single/installation_guide/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2071"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2013-1011.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2071.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2067.html"
},
{
"trust": 0.1,
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=53219"
},
{
"trust": 0.1,
"url": "http://www.apache.org/dist/httpd/changes_2.2.24"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2733"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3546"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4112"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4112.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1921.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1862"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1921"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-1896.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=distributions"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1899"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1903"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-3817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1635"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1025"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1029"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1643"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://www.traud.de"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1901"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1026"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4244"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1902"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1032"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1030"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2686"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1028"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1900"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0166"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.11"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1765-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.25"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.22-6ubuntu2.2"
}
],
"sources": [
{
"db": "BID",
"id": "58165"
},
{
"db": "PACKETSTORM",
"id": "120641"
},
{
"db": "PACKETSTORM",
"id": "122271"
},
{
"db": "PACKETSTORM",
"id": "121076"
},
{
"db": "PACKETSTORM",
"id": "121319"
},
{
"db": "PACKETSTORM",
"id": "123090"
},
{
"db": "PACKETSTORM",
"id": "120625"
},
{
"db": "PACKETSTORM",
"id": "123228"
},
{
"db": "PACKETSTORM",
"id": "120852"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
},
{
"db": "NVD",
"id": "CVE-2012-3499"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2012-3499",
"ident": null
},
{
"db": "BID",
"id": "58165",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "120641",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "122271",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121076",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "121319",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "123090",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "120625",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "123228",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "120852",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001695",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2012-3499",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2013-02-26T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3499",
"ident": null
},
{
"date": "2013-02-26T00:00:00",
"db": "BID",
"id": "58165",
"ident": null
},
{
"date": "2013-03-05T01:48:00",
"db": "PACKETSTORM",
"id": "120641",
"ident": null
},
{
"date": "2013-07-03T19:05:09",
"db": "PACKETSTORM",
"id": "122271",
"ident": null
},
{
"date": "2013-04-04T15:01:00",
"db": "PACKETSTORM",
"id": "121076",
"ident": null
},
{
"date": "2013-04-16T23:44:17",
"db": "PACKETSTORM",
"id": "121319",
"ident": null
},
{
"date": "2013-09-04T22:44:12",
"db": "PACKETSTORM",
"id": "123090",
"ident": null
},
{
"date": "2013-03-04T21:11:00",
"db": "PACKETSTORM",
"id": "120625",
"ident": null
},
{
"date": "2013-09-13T19:32:22",
"db": "PACKETSTORM",
"id": "123228",
"ident": null
},
{
"date": "2013-03-19T02:54:48",
"db": "PACKETSTORM",
"id": "120852",
"ident": null
},
{
"date": "2013-02-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-520",
"ident": null
},
{
"date": "2013-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001695",
"ident": null
},
{
"date": "2013-02-26T16:55:01.033000",
"db": "NVD",
"id": "CVE-2012-3499",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-06T00:00:00",
"db": "VULMON",
"id": "CVE-2012-3499",
"ident": null
},
{
"date": "2015-07-15T00:34:00",
"db": "BID",
"id": "58165",
"ident": null
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201302-520",
"ident": null
},
{
"date": "2016-08-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001695",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-3499",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "120852"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
}
],
"trust": 0.7
},
"title": {
"_id": null,
"data": "Apache HTTP Server Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001695"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "120852"
},
{
"db": "CNNVD",
"id": "CNNVD-201302-520"
}
],
"trust": 0.7
}
}
VAR-200705-0681
Vulnerability from variot - Updated: 2026-03-09 21:39Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer.". Apache is prone to multiple denial-of-service vulnerabilities. An attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible.
A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304).
Updated packages have been patched to prevent the above issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
Updated Packages:
Mandriva Linux 2007.0: 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.1: 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm
Corporate 4.0: 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS Re00IyLecNs4MIGgsrv2qJE= =5EEm -----END PGP SIGNATURE-----
.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.6 *>= 2.0.59-r5 >= 2.2.6
Description
Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847).
Impact
A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5"
References
[ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01182588 Version: 1
HPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-10-10 Last Updated: 2007-10-10
Potential Security Impact: Remote Unauthorized Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
References: CVE-2007-3847, CVE-2007-3304
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00
BACKGROUND
To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended action has been taken.
AFFECTED VERSIONS
For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 hpuxwsAPACHE,revision=B.2.0.59.00
action: install revision B.2.0.59.00.0 or subsequent restart Apache URL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com
END AFFECTED VERSIONS
RESOLUTION HP has made the following available to resolve the vulnerability.
OS Release Depot name MD5 Sum
B.11.11 (IPv4) HPUXWSA-B218-01-1111ipv4.depot eb3bb933baac0f05e1e0809ef1e84eb2
B.11.11 (IPv6) HPUXWSA-B218-01-1111ipv6.depot 540a56b155699336bcbfac0eaf87e3ce
B.11.23 PA-32 HPUXWSA-B218-01-1123-32.depot 2900a0cbea01b6905dc768680fbd5381
B.11.23 IA-64 HPUXWSA-B218-01-1123-64.depot 3be084d96e8a509692e37c71c0184014
B.11.31 PA-32 HPUXWSA-B218-01-1131-32.depot 861122eef70f1b53d68c5adafc64cdb5
B.11.31 IA-64 HPUXWSA-B218-01-1131-64.depot 8dc57222257fe27fb5994da16e91f9a4
The updates are available from: ftp://ssrt1476:ssrt1476@hprc.external.hp.com/ ftp://ssrt1476:ssrt1476@192.170.19.100/
MANUAL ACTIONS: Yes - Update Install Apache 2.0.59.00.0 or subsequent.
PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Revision: 1 (rev.1) - 10 October 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux
TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy 7CP41v96ckMOtfU4yeG76pv2 =VMzd -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0010 Synopsis: VMware Hosted products update libpng and Apache HTTP Server Issue date: 2009-08-20 Updated on: 2009-08-20 (initial release of advisory) CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863 CVE-2006-5752 CVE-2007-3304 CVE-2007-6388 CVE-2007-5000 CVE-2008-0005
- Summary
Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server.
- Relevant releases
VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier
- Problem Description
a. Third Party Library libpng Updated to 1.2.35
Several flaws were discovered in the way third party library libpng
handled uninitialized pointers. An attacker could create a PNG image
file in such a way, that when loaded by an application linked to
libpng, it could cause the application to crash or execute arbitrary
code at the privilege level of the user that runs the application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0040 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.3 build 185404 or later
Player 2.5.x any 2.5.3 build 185404 or later
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected *
* The libpng update for the Service Console of ESX 2.5.5 is
documented in VMSA-2009-0007.
b. Apache HTTP Server updated to 2.0.63
The new version of ACE updates the Apache HTTP Server on Windows
hosts to version 2.0.63 which addresses multiple security issues
that existed in the previous versions of this server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,
CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the
issues that have been addressed by this update.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any not affected
Player 2.5.x any not affected
ACE 2.5.x Windows 2.5.3 build 185404 or later
ACE 2.5.x Linux update Apache on host system *
Server 2.x any not affected
Server 1.x any not affected
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 3.0.2 ESX not affected
ESX 2.5.5 ESX not affected
* The Apache HTTP Server is not part of an ACE install on a Linux
host. Update the Apache HTTP Server on the host system to version
2.0.63 in order to remediate the vulnerabilities listed above.
- Solution
Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Workstation 6.5.3
http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html
For Windows
Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1
For Linux
Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e
Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5
Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb
Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542
VMware Player 2.5.3
http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html
Player for Windows binary
http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04
Player for Linux (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e
Player for Linux (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b
Player for Linux - 64-bit (.rpm)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974
Player for Linux - 64-bit (.bundle)
http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4
VMware ACE 2.5.3
http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html
ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1
VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef
ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75
ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
- Change log
2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved. =========================================================== Ubuntu Security Notice USN-499-1 August 16, 2007 apache2 vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.2 apache2-mpm-prefork 2.0.55-4ubuntu2.2 apache2-mpm-worker 2.0.55-4ubuntu2.2
Ubuntu 6.10: apache2-common 2.0.55-4ubuntu4.1 apache2-mpm-prefork 2.0.55-4ubuntu4.1 apache2-mpm-worker 2.0.55-4ubuntu4.1
Ubuntu 7.04: apache2-mpm-prefork 2.2.3-3.2ubuntu0.1 apache2-mpm-worker 2.2.3-3.2ubuntu0.1 apache2.2-common 2.2.3-3.2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752)
Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)
A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz
Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc
Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb
Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171082 4318f93373b705563251f377ed398614
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb
Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb
Size/MD5: 131850 951a4573901bc2f10d5febf940d57516
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 171864 200ab662b2c13786658486df37fda881
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb
Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb
Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz
Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc
Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb
Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 171304 c4395af051e876228541ef5b8037d979
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb
Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 172078 01ccd554177364747b08e2933f121d2c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 93240 4573597317416869646eb2ea42cd0945
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb
Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb
Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 211578 9407383d85db831dab728b39cce9acc8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb
Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz
Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc
Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 2199184 c03756f87cb164213428532f70e0c198
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb
Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 341312 906819b0de863209575aa65d39a594a5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb
Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb
Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 446960 af1b667708e062f81bca4e995355394d
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 404146 fd35e65fadd836feb0190b209947b466
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb
Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 430574 7b690896da23a151ee5e106d596c1143
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 343370 1572a001a612add57d23350210ac1736
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb
Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.1,
"vendor": "ibm",
"version": "6.0.2.23"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.04"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.10"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"_id": null,
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.0"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "1.3.39"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.0.59 and earlier"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "1.3.37 and earlier"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (es)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.23"
},
{
"_id": null,
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "2.0.47"
},
{
"_id": null,
"model": "systemwalker resource coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "2.2.4 and earlier"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (sparc)"
},
{
"_id": null,
"model": "trendmicro interscan web security suite",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "1.1 solaris edition"
},
{
"_id": null,
"model": "linux advanced workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1"
},
{
"_id": null,
"model": "http server",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "version"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "8 (x86)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "2.1 (ws)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"_id": null,
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"_id": null,
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.8,
"vendor": "ibm",
"version": "1.3.28.1"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.11"
},
{
"_id": null,
"model": "hp-ux",
"scope": "eq",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "11.31"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "1.3.37"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.2"
},
{
"_id": null,
"model": "workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "6.5.1"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "player",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "ace",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.2"
},
{
"_id": null,
"model": "ace",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.5.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.10"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0x86"
},
{
"_id": null,
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"_id": null,
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"_id": null,
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"_id": null,
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "3.0.5"
},
{
"_id": null,
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "3.0"
},
{
"_id": null,
"model": "secure linux",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.2"
},
{
"_id": null,
"model": "operating system enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "trustix",
"version": "2.0"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux enterprise sdk 10.sp1",
"scope": null,
"trust": 0.3,
"vendor": "suse",
"version": null
},
{
"_id": null,
"model": "linux enterprise sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10.3"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 8 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 8 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "propack sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "sgi",
"version": "3.0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"_id": null,
"model": "open-enterprise-server",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "0"
},
{
"_id": null,
"model": "novell linux pos",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9"
},
{
"_id": null,
"model": "novell linux desktop sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "novell linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "9.0"
},
{
"_id": null,
"model": "linux professional oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux professional",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux personal oss",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.0"
},
{
"_id": null,
"model": "linux personal",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"_id": null,
"model": "network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)4.2"
},
{
"_id": null,
"model": "network proxy (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3)4.2"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux ws ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "advanced workstation for the itanium processor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.1"
},
{
"_id": null,
"model": "hat red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5.0"
},
{
"_id": null,
"model": "hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3)4.2"
},
{
"_id": null,
"model": "hat network proxy (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4)5.0"
},
{
"_id": null,
"model": "hat network proxy (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4)4.2"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"_id": null,
"model": "hat enterprise linux as ia64",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "2.1"
},
{
"_id": null,
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "2.1"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"_id": null,
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage job workload server",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.1"
},
{
"_id": null,
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"_id": null,
"model": "interstage apworks standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage apworks enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server web-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "ses",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "intuity lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "intuity lx",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.3"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "interactive response",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "emmc",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.021"
},
{
"_id": null,
"model": "emmc",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.017"
},
{
"_id": null,
"model": "emmc",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.1"
},
{
"_id": null,
"model": "aura sip enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "software foundation mpm prefork",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.37"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "software foundation apache 2.3.38-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"_id": null,
"model": "software foundation apache 2.0.60-dev",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "24215"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
},
{
"db": "NVD",
"id": "CVE-2007-3304"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:http_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:interscan_web_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hp:hp-ux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux_advanced_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
}
]
},
"credits": {
"_id": null,
"data": "Blazej Miga",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
}
],
"trust": 0.6
},
"cve": "CVE-2007-3304",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "CVE-2007-3304",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-3304",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2007-3304",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200706-316",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2007-3304",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3304"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
},
{
"db": "NVD",
"id": "CVE-2007-3304"
}
]
},
"description": {
"_id": null,
"data": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\". Apache is prone to multiple denial-of-service vulnerabilities. \nAn attacker with the ability to execute arbitrary server-side script-code can exploit these issues to stop arbitrary services on the affected computer in the context of the master webserver process; other attacks may also be possible. \n \n A vulnerability was found in the Apache mod_cache module that could\n cause the httpd server child process to crash if it was sent a\n carefully crafted request. This could lead to a denial of service\n if using a threaded MPM (CVE-2007-1863). A local attacker with the\n ability to run scripts on the server could manipulate the scoreboard\n and cause arbitrary processes to be terminated (CVE-2007-3304). \n \n Updated packages have been patched to prevent the above issues. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm\n 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm\n 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm\n bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm\n c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm\n e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm\n 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm\n d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm\n 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm\n 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm\n f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm\n ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm\n d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm\n fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm\n 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm\n 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm\n 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm\n ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm\n c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm\n 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm\n 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm\n e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm\n fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm\n 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm\n 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm\n b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm\n 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm\n 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm\n feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm\n a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm\n da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm\n ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm \n 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm\n 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm\n 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm\n 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm\n d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm\n ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm\n 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm\n f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm\n 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm\n 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm\n adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm\n 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm\n 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm\n 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm\n 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm\n 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm\n b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm\n 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm\n 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm\n afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm\n d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm\n abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm\n b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm\n 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm\n 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm\n 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm\n f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm\n caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm\n 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm\n 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm\n e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm\n 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm \n ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm\n\n Corporate 4.0:\n 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm\n 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm\n ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm\n 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm\n b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm\n e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm\n c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm\n 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm\n e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm\n a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm\n 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm\n 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm\n 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm\n 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm\n ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm\n a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm\n d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm\n e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm\n babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm\n 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm \n 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS\nRe00IyLecNs4MIGgsrv2qJE=\n=5EEm\n-----END PGP SIGNATURE-----\n\n. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.6 *\u003e= 2.0.59-r5\n \u003e= 2.2.6\n\nDescription\n===========\n\nMultiple cross-site scripting vulnerabilities have been discovered in\nmod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error\nhas been discovered in the recall_headers() function in mod_mem_cache\n(CVE-2007-1862). The mod_cache module does not properly sanitize\nrequests before processing them (CVE-2007-1863). The Prefork module\ndoes not properly check PID values before sending signals\n(CVE-2007-3304). The mod_proxy module does not correctly check headers\nbefore processing them (CVE-2007-3847). \n\nImpact\n======\n\nA remote attacker could exploit one of these vulnerabilities to inject\narbitrary script or HTML content, obtain sensitive information or cause\na Denial of Service. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.0.59-r5\"\n\nReferences\n==========\n\n [ 1 ] CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n [ 2 ] CVE-2007-1862\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862\n [ 3 ] CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n [ 4 ] CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n [ 5 ] CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n [ 6 ] CVE-2007-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200711-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2007 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01182588\nVersion: 1\n\nHPSBUX02273 SSRT071476 rev. 1 - HP-UX running Apache, Remote Unauthorized Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2007-10-10\nLast Updated: 2007-10-10\n\nPotential Security Impact: Remote Unauthorized Denial of Service (DoS) \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS). \n\nReferences: CVE-2007-3847, CVE-2007-3304\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running Apache 2.0.59.00\n\nBACKGROUND\n\nTo determine if a system has an affected version, search the output of \"swlist -a revision -l fileset\" for an affected fileset. Then determine if the recommended action has been taken. \n\nAFFECTED VERSIONS \n\nFor IPv4: \nHP-UX B.11.11 \n============= \nhpuxwsAPACHE \naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nFor IPv6: \nHP-UX B.11.11 \nHP-UX B.11.23 \nHP-UX B.11.31 \n============= \nhpuxwsAPACHE,revision=B.1.0.00.01 \nhpuxwsAPACHE,revision=B.1.0.07.01 \nhpuxwsAPACHE,revision=B.1.0.08.01 \nhpuxwsAPACHE,revision=B.1.0.09.01 \nhpuxwsAPACHE,revision=B.1.0.10.01 \nhpuxwsAPACHE,revision=B.2.0.48.00 \nhpuxwsAPACHE,revision=B.2.0.49.00 \nhpuxwsAPACHE,revision=B.2.0.50.00 \nhpuxwsAPACHE,revision=B.2.0.51.00 \nhpuxwsAPACHE,revision=B.2.0.52.00 \nhpuxwsAPACHE,revision=B.2.0.53.00 \nhpuxwsAPACHE,revision=B.2.0.54.00 \nhpuxwsAPACHE,revision=B.2.0.55.00 \nhpuxwsAPACHE,revision=B.2.0.56.00 \nhpuxwsAPACHE,revision=B.2.0.58.00 \nhpuxwsAPACHE,revision=B.2.0.58.01 \nhpuxwsAPACHE,revision=B.2.0.59.00 \n\naction: install revision B.2.0.59.00.0 or subsequent \nrestart Apache \nURL: ftp://ssrt1476:ssrt1476@hprc.external.hp.com \n\nEND AFFECTED VERSIONS \n\n\nRESOLUTION\nHP has made the following available to resolve the vulnerability. \n\nOS Release \n Depot name \n MD5 Sum \n \nB.11.11 (IPv4)\n HPUXWSA-B218-01-1111ipv4.depot\n eb3bb933baac0f05e1e0809ef1e84eb2\n \nB.11.11 (IPv6) \n HPUXWSA-B218-01-1111ipv6.depot\n 540a56b155699336bcbfac0eaf87e3ce\n \nB.11.23 PA-32\n HPUXWSA-B218-01-1123-32.depot\n 2900a0cbea01b6905dc768680fbd5381\n \nB.11.23 IA-64\n HPUXWSA-B218-01-1123-64.depot\n 3be084d96e8a509692e37c71c0184014\n \nB.11.31 PA-32\n HPUXWSA-B218-01-1131-32.depot\n 861122eef70f1b53d68c5adafc64cdb5\n \nB.11.31 IA-64\n HPUXWSA-B218-01-1131-64.depot\n 8dc57222257fe27fb5994da16e91f9a4\n \n\nThe updates are available from: \nftp://ssrt1476:ssrt1476@hprc.external.hp.com/ \nftp://ssrt1476:ssrt1476@192.170.19.100/ \n\nMANUAL ACTIONS: Yes - Update \nInstall Apache 2.0.59.00.0 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION \nHP-UX Software Assistant: \nHP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. \nFor more information see: https://www.hp.com/go/swa \n\nHISTORY \nRevision: 1 (rev.1) - 10 October 2007 Initial release \n\nThird Party Security Patches: \nThird party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n -verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS \nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\n\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2007 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBRw4UMuAfOvwtKn1ZEQLDowCgnVZZuBkuV66atvv6mh6sxARqYYkAmQEy\n7CP41v96ckMOtfU4yeG76pv2\n=VMzd\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0010\nSynopsis: VMware Hosted products update libpng and Apache HTTP\n Server\nIssue date: 2009-08-20\nUpdated on: 2009-08-20 (initial release of advisory)\nCVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863\n CVE-2006-5752 CVE-2007-3304 CVE-2007-6388\n CVE-2007-5000 CVE-2008-0005\n- ------------------------------------------------------------------------\n\n1. Summary\n\n Updated VMware Hosted products address security issues in libpng and\n the Apace HTTP Server. \n\n2. Relevant releases\n\n VMware Workstation 6.5.2 and earlier,\n VMware Player 2.5.2 and earlier,\n VMware ACE 2.5.2 and earlier\n\n3. Problem Description\n\n a. Third Party Library libpng Updated to 1.2.35\n\n Several flaws were discovered in the way third party library libpng\n handled uninitialized pointers. An attacker could create a PNG image\n file in such a way, that when loaded by an application linked to\n libpng, it could cause the application to crash or execute arbitrary\n code at the privilege level of the user that runs the application. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0040 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any 6.5.3 build 185404 or later\n\n Player 2.5.x any 2.5.3 build 185404 or later\n\n ACE 2.5.x any 2.5.3 build 185404 or later\n\n Server 2.x any patch pending\n Server 1.x any patch pending\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected *\n\n * The libpng update for the Service Console of ESX 2.5.5 is\n documented in VMSA-2009-0007. \n\n b. Apache HTTP Server updated to 2.0.63\n\n The new version of ACE updates the Apache HTTP Server on Windows\n hosts to version 2.0.63 which addresses multiple security issues\n that existed in the previous versions of this server. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752,\n CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the\n issues that have been addressed by this update. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n Workstation 6.5.x any not affected\n\n Player 2.5.x any not affected\n\n ACE 2.5.x Windows 2.5.3 build 185404 or later\n ACE 2.5.x Linux update Apache on host system *\n\n Server 2.x any not affected\n Server 1.x any not affected\n\n Fusion 2.x Mac OS/X not affected\n Fusion 1.x Mac OS/X not affected\n\n ESXi 4.0 ESXi not affected\n ESXi 3.5 ESXi not affected\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 3.0.2 ESX not affected\n ESX 2.5.5 ESX not affected\n\n * The Apache HTTP Server is not part of an ACE install on a Linux\n host. Update the Apache HTTP Server on the host system to version\n 2.0.63 in order to remediate the vulnerabilities listed above. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum and/or the sha1sum of your downloaded file. \n\n VMware Workstation 6.5.3\n ------------------------\n http://www.vmware.com/download/ws/\n Release notes:\n http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html\n\n For Windows\n\n Workstation for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 7565d16b7d7e0173b90c3b76ca4656bc\n sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1\n\n For Linux\n\n Workstation for Linux 32-bit\n Linux 32-bit .rpm\n md5sum: 4d55c491bd008ded0ea19f373d1d1fd4\n sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e\n\n Workstation for Linux 32-bit\n Linux 32-bit .bundle\n md5sum: d4a721c1918c0e8a87c6fa4bad49ad35\n sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5\n\n Workstation for Linux 64-bit\n Linux 64-bit .rpm\n md5sum: 72adfdb03de4959f044fcb983412ae7c\n sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb\n\n Workstation for Linux 64-bit\n Linux 64-bit .bundle\n md5sum: 83e1f0c94d6974286256c4d3b559e854\n sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542\n\n\n VMware Player 2.5.3\n -------------------\n http://www.vmware.com/download/player/\n Release notes:\n http://www.vmware.com/support/player25/doc/releasenotes_player253.html\n\n Player for Windows binary\n\nhttp://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe\n md5sum: fe28f193374c9457752ee16cd6cad4e7\n sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04\n\n Player for Linux (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm\n md5sum: c99cd65f19fdfc7651bcb7f328b73bc2\n sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e\n\n Player for Linux (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle\n md5sum: 210f4cb5615bd3b2171bc054b9b2bac5\n sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b\n\n Player for Linux - 64-bit (.rpm)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm\n md5sum: f91576ef90b322d83225117ae9335968\n sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974\n\n Player for Linux - 64-bit (.bundle)\n\nhttp://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle\n md5sum: 595d44d7945c129b1aeb679d2f001b05\n sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4\n\n\n VMware ACE 2.5.3\n ----------------\n http://www.vmware.com/download/ace/\n Release notes:\n http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html\n\n ACE Management Server Virtual Appliance\n AMS Virtual Appliance .zip\n md5sum: 44cc7b86353047f02cf6ea0653e38418\n sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1\n\n VMware ACE for Windows 32-bit and 64-bit\n Windows 32-bit and 64-bit .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for Windows\n Windows .exe\n md5sum: 0779da73408c5e649e0fd1c62d23820f\n sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef\n\n ACE Management Server for SUSE Enterprise Linux 9\n SLES 9 .rpm\n md5sum: a4fc92d7197f0d569361cdf4b8cca642\n sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75\n\n ACE Management Server for Red Hat Enterprise Linux 4\n RHEL 4 .rpm\n md5sum: 841005151338c8b954f08d035815fd58\n sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e\n\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-08-20 VMSA-2009-0010\nInitial security advisory after release of Workstation 6.5.3,\nPlayer 2.5.3, and ACE 2.5.3 on 2009-08-20. \n\n\n- ------------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. =========================================================== \nUbuntu Security Notice USN-499-1 August 16, 2007\napache2 vulnerabilities\nCVE-2006-5752, CVE-2007-1863, CVE-2007-3304\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 6.10\nUbuntu 7.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n apache2-common 2.0.55-4ubuntu2.2\n apache2-mpm-prefork 2.0.55-4ubuntu2.2\n apache2-mpm-worker 2.0.55-4ubuntu2.2\n\nUbuntu 6.10:\n apache2-common 2.0.55-4ubuntu4.1\n apache2-mpm-prefork 2.0.55-4ubuntu4.1\n apache2-mpm-worker 2.0.55-4ubuntu4.1\n\nUbuntu 7.04:\n apache2-mpm-prefork 2.2.3-3.2ubuntu0.1\n apache2-mpm-worker 2.2.3-3.2ubuntu0.1\n apache2.2-common 2.2.3-3.2ubuntu0.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nStefan Esser discovered that mod_status did not force a character set,\nwhich could result in browsers becoming vulnerable to XSS attacks when\nprocessing the output. If a user were tricked into viewing server\nstatus output during a crafted server request, a remote attacker could\nexploit this to modify the contents, or steal confidential data (such as\npasswords), within the same domain. By default, mod_status is disabled\nin Ubuntu. (CVE-2006-5752)\n\nNiklas Edmundsson discovered that the mod_cache module could be made to\ncrash using a specially crafted request. A remote user could use this\nto cause a denial of service if Apache was configured to use a threaded\nworker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863)\n\nA flaw was discovered in the signal handling of Apache. A local\nattacker could trick Apache into sending SIGUSR1 to other processes. \nThe vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304)\n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz\n Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc\n Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb\n Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171082 4318f93373b705563251f377ed398614\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb\n Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb\n Size/MD5: 131850 951a4573901bc2f10d5febf940d57516\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 171864 200ab662b2c13786658486df37fda881\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb\n Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb\n Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f\n\nUpdated packages for Ubuntu 6.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz\n Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc\n Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb\n Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 171304 c4395af051e876228541ef5b8037d979\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb\n Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 172078 01ccd554177364747b08e2933f121d2c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 93240 4573597317416869646eb2ea42cd0945\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb\n Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb\n Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 211578 9407383d85db831dab728b39cce9acc8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb\n Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a\n\nUpdated packages for Ubuntu 7.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz\n Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc\n Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz\n Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 2199184 c03756f87cb164213428532f70e0c198\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb\n Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 341312 906819b0de863209575aa65d39a594a5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb\n Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934\n\n i386 architecture (x86 compatible Intel/AMD)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb\n Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add\n\n powerpc architecture (Apple Macintosh G3/G4/G5)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 446960 af1b667708e062f81bca4e995355394d\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 404146 fd35e65fadd836feb0190b209947b466\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb\n Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704\n\n sparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 430574 7b690896da23a151ee5e106d596c1143\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 343370 1572a001a612add57d23350210ac1736\n http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb\n Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3304"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
},
{
"db": "BID",
"id": "24215"
},
{
"db": "VULMON",
"id": "CVE-2007-3304"
},
{
"db": "PACKETSTORM",
"id": "57505"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "60039"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "57507"
},
{
"db": "PACKETSTORM",
"id": "58667"
}
],
"trust": 2.52
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2007-3304",
"trust": 3.4
},
{
"db": "BID",
"id": "24215",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2007-3100",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3283",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2727",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4305",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0233",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3494",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-3420",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26211",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27732",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25920",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26759",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26993",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28212",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28606",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "28224",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26790",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26842",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27563",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27209",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "27121",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26508",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26443",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26822",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26611",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "26273",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25827",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "25830",
"trust": 1.7
},
{
"db": "SREASON",
"id": "2814",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "38939",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1018304",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2007-3304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60759",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "60039",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "80533",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "57507",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58667",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3304"
},
{
"db": "BID",
"id": "24215"
},
{
"db": "PACKETSTORM",
"id": "57505"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "60039"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "57507"
},
{
"db": "PACKETSTORM",
"id": "58667"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
},
{
"db": "NVD",
"id": "CVE-2007-3304"
}
]
},
"id": "VAR-200705-0681",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2026-03-09T21:39:20.113000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Fixed in Apache httpd 1.3.39-dev",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_13.html#1.3.39-dev"
},
{
"title": "Fixed in Apache httpd 2.0.61-dev",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.61-dev"
},
{
"title": "Fixed in Apache httpd 2.2.6-dev",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.6-dev"
},
{
"title": "Revision 551843",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?view=markup"
},
{
"title": "HPSBUX02273",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01182588"
},
{
"title": "HPSBUX02273",
"trust": 0.8,
"url": "http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/HP-UX/HPSBUX02273.html"
},
{
"title": "PK50467",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK50467"
},
{
"title": "PK55141",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK55141"
},
{
"title": "4017303",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017303"
},
{
"title": "Fix Pack 13 (6.1.0.13)",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61013"
},
{
"title": "4017141",
"trust": 0.8,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24017141"
},
{
"title": "httpd (V3.0/V4.0)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=1093"
},
{
"title": "RHSA-2007:0532",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0532.html"
},
{
"title": "RHSA-2007:0556",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0556.html"
},
{
"title": "RHSA-2007:0662",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2007-0662.html"
},
{
"title": "103179",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1"
},
{
"title": "readme_iwss11_sol_patch7_b1182",
"trust": 0.8,
"url": "http://www.trendmicro.com/ftp/jp/ucmodule/iwss/sol/11/readme_iwss11_sol_patch7_b1182.txt"
},
{
"title": "RHSA-2007:0532",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0532J.html"
},
{
"title": "RHSA-2007:0556",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0556J.html"
},
{
"title": "RHSA-2007:0662",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0662J.html"
},
{
"title": "interstage_as_200802",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200802.html"
},
{
"title": "Apache HTTP Server Worker Repair measures for multiple local denial of service vulnerabilities in the process",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=145950"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-499-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2007-3304 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3304"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
},
{
"db": "NVD",
"id": "CVE-2007-3304"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://www.securityfocus.com/bid/24215"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-353.htm"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2007-363.htm"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk52702"
},
{
"trust": 2.0,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk53984"
},
{
"trust": 2.0,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0556.html"
},
{
"trust": 2.0,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html"
},
{
"trust": 2.0,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"trust": 1.7,
"url": "http://security.psnc.pl/files/apache_report.pdf"
},
{
"trust": 1.7,
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=547987"
},
{
"trust": 1.7,
"url": "https://issues.rpath.com/browse/rpl-1710"
},
{
"trust": 1.7,
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=pk50467\u0026apar=only"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-september/msg00320.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:140"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:142"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/errata/rhsa-2007-0532.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0557.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2007-0662.html"
},
{
"trust": 1.7,
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"trust": 1.7,
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-499-1"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018304"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25827"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25830"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/25920"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26211"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26273"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26443"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26508"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26611"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26759"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26790"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26822"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26842"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26993"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27121"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27209"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27563"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27732"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/2814"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28212"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28224"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/28606"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0261.html"
},
{
"trust": 1.7,
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/0233"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01182588"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3494"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3100"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3420"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/4305"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/3283"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2727"
},
{
"trust": 1.7,
"url": "http://osvdb.org/38939"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35095"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11589"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/471832/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/469899/100/0/threaded"
},
{
"trust": 1.4,
"url": "http://httpd.apache.org/security/vulnerabilities_13.html"
},
{
"trust": 1.4,
"url": "http://httpd.apache.org/security/vulnerabilities_20.html"
},
{
"trust": 1.4,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3304"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=apache-httpd-dev\u0026m=118252946632447\u0026w=2"
},
{
"trust": 1.1,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070701-01-p.asc"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.ga15192%40redhat.com%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3304"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3304"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_13.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_20.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd-dev/200706.mbox/%3c20070629141032.ga15192@redhat.com%3e"
},
{
"trust": 0.6,
"url": "http://mail-archives.apache.org/mod_mbox/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "httpd-dev\u0026m=118252946632447\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.info/?l=apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-5752"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1863"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5752"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-012.htm"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.6"
},
{
"trust": 0.3,
"url": "/archive/1/482486"
},
{
"trust": 0.3,
"url": "/archive/1/469899"
},
{
"trust": 0.3,
"url": "/archive/1/479708"
},
{
"trust": 0.3,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk50467"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2007-0532.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2007-0662.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0261.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0263.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0523.html"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0524.html"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1863"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3847"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.2,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3847"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/%3c20070629141032.ga15192@redhat.com%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2007-3304"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/499-1/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1862"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4465"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1862"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.rpm"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/player25/doc/releasenotes_player253.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5000"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ace/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/player/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6388"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/ws/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.rpm"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.exe"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5000"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.i386.bundle"
},
{
"trust": 0.1,
"url": "http://download3.vmware.com/software/vmplayer/vmware-player-2.5.3-185404.x86_64.bundle"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0040"
},
{
"trust": 0.1,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6388"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2007-3304"
},
{
"db": "BID",
"id": "24215"
},
{
"db": "PACKETSTORM",
"id": "57505"
},
{
"db": "PACKETSTORM",
"id": "60759"
},
{
"db": "PACKETSTORM",
"id": "60039"
},
{
"db": "PACKETSTORM",
"id": "80533"
},
{
"db": "PACKETSTORM",
"id": "57507"
},
{
"db": "PACKETSTORM",
"id": "58667"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
},
{
"db": "NVD",
"id": "CVE-2007-3304"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2007-3304",
"ident": null
},
{
"db": "BID",
"id": "24215",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "57505",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "60759",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "60039",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "80533",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "57507",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "58667",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2007-000477",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2007-3304",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2007-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2007-3304",
"ident": null
},
{
"date": "2007-05-29T00:00:00",
"db": "BID",
"id": "24215",
"ident": null
},
{
"date": "2007-07-07T04:29:41",
"db": "PACKETSTORM",
"id": "57505",
"ident": null
},
{
"date": "2007-11-07T20:27:55",
"db": "PACKETSTORM",
"id": "60759",
"ident": null
},
{
"date": "2007-10-12T04:41:53",
"db": "PACKETSTORM",
"id": "60039",
"ident": null
},
{
"date": "2009-08-23T16:31:17",
"db": "PACKETSTORM",
"id": "80533",
"ident": null
},
{
"date": "2007-07-07T04:32:02",
"db": "PACKETSTORM",
"id": "57507",
"ident": null
},
{
"date": "2007-08-17T06:30:14",
"db": "PACKETSTORM",
"id": "58667",
"ident": null
},
{
"date": "2007-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-316",
"ident": null
},
{
"date": "2007-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000477",
"ident": null
},
{
"date": "2007-06-20T22:30:00",
"db": "NVD",
"id": "CVE-2007-3304",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-09-21T00:00:00",
"db": "VULMON",
"id": "CVE-2007-3304",
"ident": null
},
{
"date": "2010-08-05T21:15:00",
"db": "BID",
"id": "24215",
"ident": null
},
{
"date": "2022-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200706-316",
"ident": null
},
{
"date": "2009-02-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-000477",
"ident": null
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-3304",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "57505"
},
{
"db": "PACKETSTORM",
"id": "57507"
},
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "Apache HTTP Server of Prefork MPM Service disruption in modules (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-000477"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200706-316"
}
],
"trust": 0.6
}
}
VAR-201111-0190
Vulnerability from variot - Updated: 2026-03-09 21:34Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. Apache HTTP Server is prone to a local privilege-escalation vulnerability because of an integer-overflow error. Local attackers can exploit this issue to run arbitrary code with elevated privileges (with the privileges of the Apache webserver process). Failed exploit attempts may crash the affected application, denying service to legitimate users. Note: To trigger this issue, 'mod_setenvif' must be enabled and the attacker should be able to place a malicious '.htaccess' file on the affected webserver. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd security update Advisory ID: RHSA-2012:0128-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html Issue date: 2012-02-13 CVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 =====================================================================
- Summary:
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
It was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)
The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies. (CVE-2012-0053)
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to override the httpd configuration for a specific directory using a ".htaccess" file, could use this flaw to crash the httpd child process or, possibly, execute arbitrary code with the privileges of the "apache" user. (CVE-2011-3607)
A flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges (such as a PHP or CGI script) could use this flaw to cause the parent httpd process to crash during httpd service shutdown. (CVE-2012-0031)
All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon will be restarted automatically.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix 756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix 769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow 773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling 785069 - CVE-2012-0053 httpd: cookie exposure due to error responses
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
ppc64: httpd-2.2.15-15.el6_2.1.ppc64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm httpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm httpd-devel-2.2.15-15.el6_2.1.ppc.rpm httpd-devel-2.2.15-15.el6_2.1.ppc64.rpm httpd-tools-2.2.15-15.el6_2.1.ppc64.rpm mod_ssl-2.2.15-15.el6_2.1.ppc64.rpm
s390x: httpd-2.2.15-15.el6_2.1.s390x.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm httpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm httpd-devel-2.2.15-15.el6_2.1.s390.rpm httpd-devel-2.2.15-15.el6_2.1.s390x.rpm httpd-tools-2.2.15-15.el6_2.1.s390x.rpm mod_ssl-2.2.15-15.el6_2.1.s390x.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm
i386: httpd-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-tools-2.2.15-15.el6_2.1.i686.rpm mod_ssl-2.2.15-15.el6_2.1.i686.rpm
noarch: httpd-manual-2.2.15-15.el6_2.1.noarch.rpm
x86_64: httpd-2.2.15-15.el6_2.1.x86_64.rpm httpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm httpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm httpd-devel-2.2.15-15.el6_2.1.i686.rpm httpd-devel-2.2.15-15.el6_2.1.x86_64.rpm httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm mod_ssl-2.2.15-15.el6_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3607.html https://www.redhat.com/security/data/cve/CVE-2011-3639.html https://www.redhat.com/security/data/cve/CVE-2011-4317.html https://www.redhat.com/security/data/cve/CVE-2012-0031.html https://www.redhat.com/security/data/cve/CVE-2012-0053.html https://access.redhat.com/security/updates/classification/#moderate https://rhn.redhat.com/errata/RHSA-2011-1391.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+ HOLS5+cKusdo+jUiYKIV4mw= =fM2U -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The could allow the attacker to access internal servers that are not otherwise accessible from the outside.
The three CVE ids denote slightly different variants of the same issue.
Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. This could allow a remote attacker using cross site scripting to steal authentication cookies.
For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12.
For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6
For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1.
For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1.
We recommend that you upgrade your apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.22-r1"
References
[ 1 ] CVE-2010-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408 [ 2 ] CVE-2010-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434 [ 3 ] CVE-2010-1452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452 [ 4 ] CVE-2010-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791 [ 5 ] CVE-2011-3192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192 [ 6 ] CVE-2011-3348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348 [ 7 ] CVE-2011-3368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368 [ 8 ] CVE-2011-3607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607 [ 9 ] CVE-2011-4317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317 [ 10 ] CVE-2012-0021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021 [ 11 ] CVE-2012-0031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031 [ 12 ] CVE-2012-0053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053 [ 13 ] CVE-2012-0883 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-25.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. (CVE-2011-3368)
It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3607)
A NULL pointer dereference flaw was found in the httpd mod_log_config module.
This update also fixes the following bug:
- The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update introduced a regression in the way httpd handled certain Range HTTP header values. This update corrects this regression. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing JBoss Enterprise Web Server installation (including all applications and configuration files). This version of Apache is principally a security and bug fix release, including the following significant security fixes:
-
SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations.
-
SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations.
-
SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17.
-
SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.
The Apache HTTP Project thanks halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to the attention of the security team.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Apache HTTP Server 2.2.22 is available for download from:
http://httpd.apache.org/download.cgi
Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.22 includes only those changes introduced since the prior 2.2 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available:
http://httpd.apache.org/security/vulnerabilities_22.html
This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3.
Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see:
http://httpd.apache.org/docs/2.2/new_features_2_2.html
This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes.
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING
When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. ============================================================================ Ubuntu Security Notice USN-1368-1 February 16, 2012
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in the Apache HTTP Server. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. (CVE-2011-3607)
Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. (CVE-2011-4317)
Rainer Canavan discovered that the mod_log_config module incorrectly handled a certain format string when used with a threaded MPM. A local attacker could exploit this to to cause a denial of service. (CVE-2012-0053)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10: apache2.2-common 2.2.20-1ubuntu1.2
Ubuntu 11.04: apache2.2-common 2.2.17-1ubuntu1.5
Ubuntu 10.10: apache2.2-common 2.2.16-1ubuntu3.5
Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.8
Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.23
In general, a standard system update will make all the necessary changes
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.34"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.19"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.13"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.18"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.57"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.21"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.20"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.60"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.56"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.38"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.2"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.18"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.58"
},
{
"_id": null,
"model": "software foundation apache -beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.54"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition l11",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.42"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.38"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.52"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.8"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.36"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "hat jboss enterprise web server for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "61.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.2"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.41"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.15"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.57"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.19"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.11"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.0"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.15"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.59"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.49"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0.1"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.50"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "hat enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.6"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.1"
},
{
"_id": null,
"model": "software foundation apache -beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.34"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.16"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.1"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.64"
},
{
"_id": null,
"model": "interstage application server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "hat enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.60"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.5"
},
{
"_id": null,
"model": "linux -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.51"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.4"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.12"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.17"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.2"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "12.1"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"_id": null,
"model": "software foundation apache -beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.28"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"_id": null,
"model": "freeflow print server 73.b3.61",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.53"
},
{
"_id": null,
"model": "hat jboss enterprise web server for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "51.0"
},
{
"_id": null,
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.10"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.35"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.55"
},
{
"_id": null,
"model": "hat enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1.2"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.7"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "aura communication manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.56"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.37"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "8.0"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.2"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2011"
},
{
"_id": null,
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.39"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.1"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.32"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.21"
},
{
"_id": null,
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.13"
},
{
"_id": null,
"model": "openvms secure web server",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.0.21"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.0"
},
{
"_id": null,
"model": "interstage business application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"_id": null,
"model": "aura messaging",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.22"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.2"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.48"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.45"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.43"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.47"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "aura experience portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0.2"
},
{
"_id": null,
"model": "aura communication manager utility services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.2"
},
{
"_id": null,
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.46"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.2"
},
{
"_id": null,
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"_id": null,
"model": "system management homepage",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "6.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.44"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.40"
},
{
"_id": null,
"model": "aura session manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "hat enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.3"
},
{
"_id": null,
"model": "hat enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "6"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.1.3"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.1"
},
{
"_id": null,
"model": "aura session manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "interstage application server enterprise edition l10a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "5.0"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.14"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.61"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"_id": null,
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.9"
},
{
"_id": null,
"model": "freeflow print server 73.c0.41",
"scope": null,
"trust": 0.3,
"vendor": "xerox",
"version": null
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.4"
},
{
"_id": null,
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"_id": null,
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"_id": null,
"model": "linux x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"_id": null,
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.7.1"
},
{
"_id": null,
"model": "linux x86 64 -current",
"scope": null,
"trust": 0.3,
"vendor": "slackware",
"version": null
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"_id": null,
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.13"
}
],
"sources": [
{
"db": "BID",
"id": "50494"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
},
{
"db": "NVD",
"id": "CVE-2011-3607"
}
]
},
"credits": {
"_id": null,
"data": "halfdog",
"sources": [
{
"db": "BID",
"id": "50494"
},
{
"db": "PACKETSTORM",
"id": "106512"
}
],
"trust": 0.4
},
"cve": "CVE-2011-3607",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2011-3607",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-3607",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-112",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2011-3607",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3607"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
},
{
"db": "NVD",
"id": "CVE-2011-3607"
}
]
},
"description": {
"_id": null,
"data": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. Apache HTTP Server is prone to a local privilege-escalation vulnerability because of an integer-overflow error. \nLocal attackers can exploit this issue to run arbitrary code with elevated privileges (with the privileges of the Apache webserver process). Failed exploit attempts may crash the affected application, denying service to legitimate users. \nNote: To trigger this issue, \u0027mod_setenvif\u0027 must be enabled and the attacker should be able to place a malicious \u0027.htaccess\u0027 file on the affected webserver. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd security update\nAdvisory ID: RHSA-2012:0128-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0128.html\nIssue date: 2012-02-13\nCVE Names: CVE-2011-3607 CVE-2011-3639 CVE-2011-4317 \n CVE-2012-0031 CVE-2012-0053 \n=====================================================================\n\n1. Summary:\n\nUpdated httpd packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64\n\n3. \n\nIt was discovered that the fix for CVE-2011-3368 (released via\nRHSA-2011:1391) did not completely address the problem. An attacker could\nbypass the fix and make a reverse proxy connect to an arbitrary server not\ndirectly accessible to the attacker by sending an HTTP version 0.9 request,\nor by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)\n\nThe httpd server included the full HTTP header line in the default error\npage generated when receiving an excessively long or malformed header. \nMalicious JavaScript running in the server\u0027s domain context could use this\nflaw to gain access to httpOnly cookies. (CVE-2012-0053)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way httpd performed substitutions in regular expressions. An\nattacker able to set certain httpd settings, such as a user permitted to\noverride the httpd configuration for a specific directory using a\n\".htaccess\" file, could use this flaw to crash the httpd child process or,\npossibly, execute arbitrary code with the privileges of the \"apache\" user. \n(CVE-2011-3607)\n\nA flaw was found in the way httpd handled child process status information. \nA malicious program running with httpd child process privileges (such as a\nPHP or CGI script) could use this flaw to cause the parent httpd process to\ncrash during httpd service shutdown. (CVE-2012-0031)\n\nAll httpd users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. After installing the updated\npackages, the httpd daemon will be restarted automatically. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n752080 - CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n756483 - CVE-2011-4317 httpd: uri scheme bypass of the reverse proxy vulnerability CVE-2011-3368 fix\n769844 - CVE-2011-3607 httpd: ap_pregsub Integer overflow to buffer overflow\n773744 - CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling\n785069 - CVE-2012-0053 httpd: cookie exposure due to error responses\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nppc64:\nhttpd-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.ppc.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.ppc.rpm\nhttpd-devel-2.2.15-15.el6_2.1.ppc64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.ppc64.rpm\nmod_ssl-2.2.15-15.el6_2.1.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.s390.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-devel-2.2.15-15.el6_2.1.s390.rpm\nhttpd-devel-2.2.15-15.el6_2.1.s390x.rpm\nhttpd-tools-2.2.15-15.el6_2.1.s390x.rpm\nmod_ssl-2.2.15-15.el6_2.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/httpd-2.2.15-15.el6_2.1.src.rpm\n\ni386:\nhttpd-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-tools-2.2.15-15.el6_2.1.i686.rpm\nmod_ssl-2.2.15-15.el6_2.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-15.el6_2.1.noarch.rpm\n\nx86_64:\nhttpd-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.i686.rpm\nhttpd-debuginfo-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-devel-2.2.15-15.el6_2.1.i686.rpm\nhttpd-devel-2.2.15-15.el6_2.1.x86_64.rpm\nhttpd-tools-2.2.15-15.el6_2.1.x86_64.rpm\nmod_ssl-2.2.15-15.el6_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3607.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3639.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4317.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0031.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0053.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://rhn.redhat.com/errata/RHSA-2011-1391.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPOXUIXlSAg2UNWIIRAg4AAJ9vTPttyKrbHbaSV7xCAzG89ytZgACfTSq+\nHOLS5+cKusdo+jUiYKIV4mw=\n=fM2U\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. The could allow the attacker to access internal\n servers that are not otherwise accessible from the outside. \n\n The three CVE ids denote slightly different variants of the same\n issue. \n\n Note that, even with this issue fixed, it is the responsibility of\n the administrator to ensure that the regular expression replacement\n pattern for the target URI does not allow a client to append arbitrary\n strings to the host or port parts of the target URI. This is a violation of the privilege separation\n between the apache2 processes and could potentially be used to worsen\n the impact of other vulnerabilities. This could allow a remote attacker using\n cross site scripting to steal authentication cookies. \n\n\nFor the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12. \n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6\n\nFor the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1. \n\nWe recommend that you upgrade your apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny7. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2. \nPlease review the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache HTTP Server users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.22-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0408\n[ 2 ] CVE-2010-0434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0434\n[ 3 ] CVE-2010-1452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1452\n[ 4 ] CVE-2010-2791\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2791\n[ 5 ] CVE-2011-3192\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3192\n[ 6 ] CVE-2011-3348\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3348\n[ 7 ] CVE-2011-3368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3368\n[ 8 ] CVE-2011-3607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3607\n[ 9 ] CVE-2011-4317\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4317\n[ 10 ] CVE-2012-0021\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0021\n[ 11 ] CVE-2012-0031\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0031\n[ 12 ] CVE-2012-0053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0053\n[ 13 ] CVE-2012-0883\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0883\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-25.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n\nIt was discovered that the Apache HTTP Server did not properly validate the\nrequest URI for proxied requests. \n(CVE-2011-3368)\n\nIt was discovered that mod_proxy_ajp incorrectly returned an \"Internal\nServer Error\" response when processing certain malformed HTTP requests,\nwhich caused the back-end server to be marked as failed in configurations\nwhere mod_proxy was used in load balancer mode. A remote attacker could\ncause mod_proxy to not send requests to back-end AJP (Apache JServ\nProtocol) servers for the retry timeout period or until all back-end\nservers were marked as failed. \n(CVE-2011-3607)\n\nA NULL pointer dereference flaw was found in the httpd mod_log_config\nmodule. \n\nThis update also fixes the following bug:\n\n* The fix for CVE-2011-3192 provided by the RHSA-2011:1330 update\nintroduced a regression in the way httpd handled certain Range HTTP header\nvalues. This update corrects this regression. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Server installation (including all\napplications and configuration files). This version of Apache is principally a security\n and bug fix release, including the following significant security fixes:\n\n * SECURITY: CVE-2011-3368 (cve.mitre.org)\n Reject requests where the request-URI does not match the HTTP\n specification, preventing unexpected expansion of target URLs in\n some reverse proxy configurations. \n\n * SECURITY: CVE-2011-4317 (cve.mitre.org)\n Resolve additional cases of URL rewriting with ProxyPassMatch or\n RewriteRule, where particular request-URIs could result in undesired\n backend network exposure in some configurations. \n\n * SECURITY: CVE-2012-0021 (cve.mitre.org)\n mod_log_config: Fix segfault (crash) when the \u0027%{cookiename}C\u0027 log format\n string is in use and a client sends a nameless, valueless cookie, causing\n a denial of service. The issue existed since version 2.2.17. \n\n * SECURITY: CVE-2012-0053 (cve.mitre.org)\n Fixed an issue in error responses that could expose \"httpOnly\" cookies\n when no custom ErrorDocument is specified for status code 400. \n\n The Apache HTTP Project thanks halfdog, Context Information Security Ltd,\n Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to\n the attention of the security team. \n\n We consider this release to be the best version of Apache available, and\n encourage users of all prior versions to upgrade. \n\n Apache HTTP Server 2.2.22 is available for download from:\n\n http://httpd.apache.org/download.cgi\n\n Please see the CHANGES_2.2 file, linked from the download page, for a\n full list of changes. A condensed list, CHANGES_2.2.22 includes only\n those changes introduced since the prior 2.2 release. A summary of all\n of the security vulnerabilities addressed in this and earlier releases\n is available:\n\n http://httpd.apache.org/security/vulnerabilities_22.html\n\n This release includes the Apache Portable Runtime (APR) version 1.4.5\n and APR Utility Library (APR-util) version 1.4.2, bundled with the tar\n and zip distributions. The APR libraries libapr and libaprutil (and\n on Win32, libapriconv version 1.2.1) must all be updated to ensure\n binary compatibility and address many known security and platform bugs. \n APR-util version 1.4 represents a minor version upgrade from earlier\n httpd source distributions, which previously included version 1.3. \n\n Apache 2.2 offers numerous enhancements, improvements, and performance\n boosts over the 2.0 codebase. For an overview of new features\n introduced since 2.0 please see:\n\n http://httpd.apache.org/docs/2.2/new_features_2_2.html\n\n This release builds on and extends the Apache 2.0 API. Modules written\n for Apache 2.0 will need to be recompiled in order to run with Apache\n 2.2, and require minimal or no source code changes. \n\n http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING\n\n When upgrading or installing this version of Apache, please bear in mind\n that if you intend to use Apache with one of the threaded MPMs (other\n than the Prefork MPM), you must ensure that any modules you will be\n using (and the libraries they depend on) are thread-safe. ============================================================================\nUbuntu Security Notice USN-1368-1\nFebruary 16, 2012\n\napache2 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n- Ubuntu 8.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the Apache HTTP Server. An attacker having write access to a\n.htaccess file may exploit this to possibly execute arbitrary code. \n(CVE-2011-3607)\n\nPrutha Parikh discovered that the mod_proxy module did not properly\ninteract with the RewriteRule and ProxyPassMatch pattern matches in the\nconfiguration of a reverse proxy. (CVE-2011-4317)\n\nRainer Canavan discovered that the mod_log_config module incorrectly\nhandled a certain format string when used with a threaded MPM. A local attacker\ncould exploit this to to cause a denial of service. (CVE-2012-0053)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.10:\n apache2.2-common 2.2.20-1ubuntu1.2\n\nUbuntu 11.04:\n apache2.2-common 2.2.17-1ubuntu1.5\n\nUbuntu 10.10:\n apache2.2-common 2.2.16-1ubuntu3.5\n\nUbuntu 10.04 LTS:\n apache2.2-common 2.2.14-5ubuntu8.8\n\nUbuntu 8.04 LTS:\n apache2.2-common 2.2.8-1ubuntu0.23\n\nIn general, a standard system update will make all the necessary changes",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3607"
},
{
"db": "BID",
"id": "50494"
},
{
"db": "VULMON",
"id": "CVE-2011-3607"
},
{
"db": "PACKETSTORM",
"id": "109731"
},
{
"db": "PACKETSTORM",
"id": "109464"
},
{
"db": "PACKETSTORM",
"id": "114141"
},
{
"db": "PACKETSTORM",
"id": "112503"
},
{
"db": "PACKETSTORM",
"id": "109330"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "110036"
}
],
"trust": 1.89
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41769",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3607"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2011-3607",
"trust": 2.8
},
{
"db": "BID",
"id": "50494",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "48551",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "45793",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1026267",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "76744",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2011-3607",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "106512",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109731",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109464",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114141",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112503",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109330",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110036",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3607"
},
{
"db": "BID",
"id": "50494"
},
{
"db": "PACKETSTORM",
"id": "106512"
},
{
"db": "PACKETSTORM",
"id": "109731"
},
{
"db": "PACKETSTORM",
"id": "109464"
},
{
"db": "PACKETSTORM",
"id": "114141"
},
{
"db": "PACKETSTORM",
"id": "112503"
},
{
"db": "PACKETSTORM",
"id": "109330"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "110036"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
},
{
"db": "NVD",
"id": "CVE-2011-3607"
}
]
},
"id": "VAR-201111-0190",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1915078275
},
"last_update_date": "2026-03-09T21:34:51.300000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120323 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory"
},
{
"title": "Red Hat: Moderate: httpd security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120128 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1368-1"
},
{
"title": "Amazon Linux AMI: ALAS-2012-046",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-046"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "pigat",
"trust": 0.1,
"url": "https://github.com/teamssix/pigat "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-3607"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-189",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-3607"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.9,
"url": "http://www.halfdog.net/security/2011/apachemodsetenvifintegeroverflow/demoexploit.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0128.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0543.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:003"
},
{
"trust": 1.6,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/76744"
},
{
"trust": 1.6,
"url": "http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html"
},
{
"trust": 1.6,
"url": "https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html"
},
{
"trust": 1.6,
"url": "http://support.apple.com/kb/ht5501"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750935"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1026267"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/48551"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0542.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2012/dsa-2405"
},
{
"trust": 1.6,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.6,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150"
},
{
"trust": 1.6,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/50494"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71093"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/45793"
},
{
"trust": 1.3,
"url": "http://www.halfdog.net/security/2011/apachemodsetenvifintegeroverflow/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0053"
},
{
"trust": 0.6,
"url": "http://support.avaya.com/css/p8/documents/100158872"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0021"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506"
},
{
"trust": 0.3,
"url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigational"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm50426"
},
{
"trust": 0.3,
"url": "https://support.avaya.com/css/p8/documents/100155944"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100157326"
},
{
"trust": 0.3,
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301\u0026ac.admitted=1332965374461.876444892.492883150"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3639"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3607.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0053.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0031.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3639.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4317.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1391.html"
},
{
"trust": 0.1,
"url": "http://internal-host/$1"
},
{
"trust": 0.1,
"url": "http://internal-host$1"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0434"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2791"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3368"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0031"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0408"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1452"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0883"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3348"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4317"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0021"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3607"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201206-25.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0883"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0434"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2791"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3368.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1330.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=webserver\u0026downloadtype=securitypatches\u0026version=1.0.2"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3348.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0021.html"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/security/vulnerabilities_22.html"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/download.cgi"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/versioning"
},
{
"trust": 0.1,
"url": "http://httpd.apache.org/docs/2.2/new_features_2_2.html"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1368-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0323.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2011-1392.html"
}
],
"sources": [
{
"db": "BID",
"id": "50494"
},
{
"db": "PACKETSTORM",
"id": "106512"
},
{
"db": "PACKETSTORM",
"id": "109731"
},
{
"db": "PACKETSTORM",
"id": "109464"
},
{
"db": "PACKETSTORM",
"id": "114141"
},
{
"db": "PACKETSTORM",
"id": "112503"
},
{
"db": "PACKETSTORM",
"id": "109330"
},
{
"db": "PACKETSTORM",
"id": "109837"
},
{
"db": "PACKETSTORM",
"id": "110036"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
},
{
"db": "NVD",
"id": "CVE-2011-3607"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2011-3607",
"ident": null
},
{
"db": "BID",
"id": "50494",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "106512",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109731",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109464",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "114141",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "112503",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109330",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109837",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "110036",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-3607",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3607",
"ident": null
},
{
"date": "2011-11-02T00:00:00",
"db": "BID",
"id": "50494",
"ident": null
},
{
"date": "2011-11-02T14:54:23",
"db": "PACKETSTORM",
"id": "106512",
"ident": null
},
{
"date": "2012-02-13T22:08:05",
"db": "PACKETSTORM",
"id": "109731",
"ident": null
},
{
"date": "2012-02-07T00:10:33",
"db": "PACKETSTORM",
"id": "109464",
"ident": null
},
{
"date": "2012-06-24T23:54:52",
"db": "PACKETSTORM",
"id": "114141",
"ident": null
},
{
"date": "2012-05-07T20:02:40",
"db": "PACKETSTORM",
"id": "112503",
"ident": null
},
{
"date": "2012-02-02T01:31:45",
"db": "PACKETSTORM",
"id": "109330",
"ident": null
},
{
"date": "2012-02-17T02:34:31",
"db": "PACKETSTORM",
"id": "109837",
"ident": null
},
{
"date": "2012-02-22T02:10:49",
"db": "PACKETSTORM",
"id": "110036",
"ident": null
},
{
"date": "2011-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-112",
"ident": null
},
{
"date": "2011-11-08T11:55:05.693000",
"db": "NVD",
"id": "CVE-2011-3607",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-06-06T00:00:00",
"db": "VULMON",
"id": "CVE-2011-3607",
"ident": null
},
{
"date": "2015-04-13T20:49:00",
"db": "BID",
"id": "50494",
"ident": null
},
{
"date": "2021-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-112",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-3607",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "50494"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Apache HTTP Server \u2018 ap_pregsub() \u2018function local privilege escalation vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-112"
}
],
"trust": 0.6
}
}