[CentOS] Apache patching questions
U n d e r a c h i e v e r
takeme2your at rocketmail.comTue Feb 21 23:13:59 UTC 2006
- Previous message: [CentOS] OT Proftpd Continued
- Next message: [CentOS] Apache patching questions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi I'm using CentOS 3, and it's fully patched using yum. Apache reports version 2.0.46 (CentOS) A colleague ran a copy of Nikto, a scripted vuln. finder, against my server, and reported the following problems. The only one I've tested is the directory traversal, and it seems to be an issue. Will the upstream vendor patch these issues in Apache 2.0.46, or not? If not, does anyone know why not? # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.49 may allow unescaped data into logfiles, which could pose a threat when logs are viewed/parsed. CAN-2003-0020. OSVDB-4382. # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.50 contains a DoS with certain input data. CAN-2004-0493. OSVDB-7269. # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.51 contains a potential infinite loop. CAN-2004-0748. OSVDB-9523. # 2.0.46 (CentOS) - TelCondex Simpleserver 2.13.31027 Build 3289 and below allow directory traversal with '/.../' entries. # Apache/2.0.46 - "Apache 2.0 up 2.0.46 are vulnerable to multiple remote problems. CAN-2003-0192. CAN-2003-0253. CAN-2003-0254. CERT VU # Apache/2.0.46 - Apache 2.0 up 2.0.47 are vulnerable to multiple remote problems in mod_rewrite and mod_cgi. CAN-2003-0789. CAN-2003-0542. # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.53 contains a memory exhaustion DoS through MIME folded requests. CAN-2004-0942. OSVDB-11391. # Apache/2.0.46 (CentOS) - Apache 2.0 to 2.0.52 could allow bypassing of authentication via the Satisfy directive. CAN-2004-0811. OSVDB-10218. -- takeme2your at rocketmail.com U n d e r a c h i e v e r
- Previous message: [CentOS] OT Proftpd Continued
- Next message: [CentOS] Apache patching questions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list