var-200705-0688
Vulnerability from variot
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage.The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend Web servers. The Apache 'mod_proxy_http' module is prone to a denial-of-service vulnerability that affects the processing of interim responses. Attackers may exploit this issue to cause denial-of-service conditions. Reportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007. The security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues. NOTE: This BID is being retired; the following individual records have been created to better document these issues: 31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability 31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability 31708 Apple Mac OS X 'hosts.equiv' Security Bypass Vulnerability 31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability 31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability 31711 Apple Mac OS X 'configd' EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability 31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability 31720 Apple Finder Denial of Service Vulnerability 31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability 31688 CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability 31722 Apple Mac OS X 10.5 'launchd' Unspecified Security Bypass Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH XCe08aGCzEZj/q4n91JQnhq6 =XImF -----END PGP SIGNATURE----- .
This update also provides HTTP/1.1 compliance fixes.
The updated packages have been patched to prevent this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Updated Packages:
Corporate 3.0: 532973a116bcdf63ed72042b819b59cc corporate/3.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm e2913623f1876d02e426bbca997f3435 corporate/3.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm 2e583f46edd8e83d8071e1912fbcced6 corporate/3.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm 83b6d9adea62a2c186f2acfb7372a8f0 corporate/3.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm f797d9dd78f6a75328f3156f4d97de54 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm 1e13b9cf9ed69f69f1700d89e7b0a625 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm eeacd8fa60a510fe23a949303aefa934 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm 12978be0a831fb2164e8663e0aa96c16 corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm ff7133c4d2f3a18d5ca86398b6a3b482 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm de43091c378ef1b0a465f409d4198c7d corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm 2a884bf3c648fe6e45bd1858e7ac8fca corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm 435c1058b34b3e5603e8502315d3f1be corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm 5a54d1929057b311ab83863fcfc6785b corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm 37bb90e385c1571579d604120cd1c1d4 corporate/3.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm 377a8d1250fb1276e0c52fe89b63775a corporate/3.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm 2c6db35de4997018b043181957072182 corporate/3.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm 30da5c4069b7b8ea5b3bb13734ca0058 corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
Corporate 3.0/X86_64: 43cb9996c4ad55ead2a2bba2a618b939 corporate/3.0/x86_64/apache2-2.0.48-6.19.C30mdk.x86_64.rpm 898f1420c5fe218c748281c238da9d00 corporate/3.0/x86_64/apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm b7ca472734ea5776cfecf1dd2315f71d corporate/3.0/x86_64/apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm 8ebd24059163cd8f8e22eb0203682e41 corporate/3.0/x86_64/apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm ac6f64c5aabbf463be38023dfb2e30e0 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm 2e66000edd688d563645ecf526724899 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm d82ba16ad19ebfbb412f033537fe7dfb corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm e83174382435df2220f7563545543342 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm af5d024a4cff0c216d0c02dcbe08ab83 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm b6a74826d456381f9c3807d7cdaef8ff corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm 3e0c99c91a186db1650ab277fb266ddf corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm 5bcf1224653b851df20d07d6fbb248b6 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm c07af351ea84b7d8a0b0de879c9aad2e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm fa40774c92468aa0080979674ff473c5 corporate/3.0/x86_64/apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm a387e498b01b876ee31066aa3a73970a corporate/3.0/x86_64/apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm 659d44dc9615de5b556d35425d628bf7 corporate/3.0/x86_64/lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm 30da5c4069b7b8ea5b3bb13734ca0058 corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
Multi Network Firewall 2.0: 93eef0301be074129e8c8f67381c09ad mnf/2.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm 0dd927e4efb8dc43f2168227d22c1407 mnf/2.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm 366c8a236e33babca8447b3c3f926c83 mnf/2.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm 73490cae06d07885512ff28fb24c1d6c mnf/2.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm 8bf01fed207bf8ae9c265be3d3f0e0f5 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm b06f622b9c96bfa10cdc4d2067e5826f mnf/2.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm c5600da4764bcb84733c16034871ced1 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm cccdb0578c7443e46154a8f64b78a86b mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm 67fb4bcf03bef82c78fb42ec3de85b55 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm 20cb9f0132cd5181f6cff7699373d488 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm 1f0f71765b82dd9086c99a2ec98ce458 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm 26d8d7db3f8a8ed9dd22add69cc908cd mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm 538e1d3b6eab0b6770de516d9c6e59e4 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm 82674d6c664adb4e9a8539703ee113d7 mnf/2.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm d1dc24f4698a7cef16c292ba19302ca1 mnf/2.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm b83a8c4eda842c3e358d16d22febbe80 mnf/2.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm 5ff603859246c39086f9b6ad300f97c6 mnf/2.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFJOCuNmqjQ0CJFipgRAt+pAKDO9fruRTCR1580NTYdYmnky057aACdFVGo NmJlapeQ2vPQcDIjsktx95s= =5zLR -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200807-06
http://security.gentoo.org/
Severity: Normal Title: Apache: Denial of Service Date: July 09, 2008 Bugs: #222643, #227111 ID: 200807-06
Synopsis
Multiple vulnerabilities in Apache might lead to a Denial of Service.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/apache < 2.2.9 >= 2.2.9
Description
Multiple vulnerabilities have been discovered in Apache:
-
Dustin Kirkland reported that the mod_ssl module can leak memory when the client reports support for a compression algorithm (CVE-2008-1678).
-
sp3x of SecurityReason reported a Cross-Site Request Forgery vulnerability in the balancer-manager in the mod_proxy_balancer module (CVE-2007-6420).
Impact
A remote attacker could exploit these vulnerabilities by connecting to an Apache httpd, by causing an Apache proxy server to connect to a malicious server, or by enticing a balancer administrator to connect to a specially-crafted URL, resulting in a Denial of Service of the Apache daemon.
Workaround
There is no known workaround at this time.
Resolution
All Apache users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.9"
References
[ 1 ] CVE-2007-6420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420 [ 2 ] CVE-2008-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678 [ 3 ] CVE-2008-2364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200807-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
The vulnerability is caused due to an unspecified error, which can be exploited to cause a high memory usage when the application is used as a reverse proxy.
Please see the vendor's advisory for a full list of affected products.
SOLUTION: Update to a fixed version. See vendor advisory for details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html
OTHER REFERENCES: http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
References: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200705-0688",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "8.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "8"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "6.06"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "7.10"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.2.0"
},
{
"model": "http server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.35"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.7"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.2"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "9"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "http server",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.0.64"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "web server",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.0.63"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.6,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "7.10"
},
{
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11x64"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "11"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "10.0.0x64"
},
{
"model": "personal",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "multimedia",
"scope": null,
"trust": 0.3,
"vendor": "turbolinux",
"version": null
},
{
"model": "fuji",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "0"
},
{
"model": "appliance server",
"scope": "eq",
"trust": 0.3,
"vendor": "turbolinux",
"version": "2.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "2"
},
{
"model": "appliance platform linux service",
"scope": "eq",
"trust": 0.3,
"vendor": "rpath",
"version": "1"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "application stack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "v20"
},
{
"model": "hat enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "4"
},
{
"model": "hat enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "3"
},
{
"model": "hat enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "red",
"version": "5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.8"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.3.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.1.7"
},
{
"model": "http server roll up",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.22"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.2"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.2.0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.3.5"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.1.2.3"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "multi network firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "2.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "3.0"
},
{
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"model": "os/400 v5r4",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "i5/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.17"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.15"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.47"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.13"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0.1"
},
{
"model": "http server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.0"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.23",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "business availability center",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "8.01"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio standard-j edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1.0"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.2"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server enterprise edition b",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition 9.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.2.2.5"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "4.2.2.4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.5"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "5.4"
},
{
"model": "coat systems director",
"scope": "eq",
"trust": 0.3,
"vendor": "blue",
"version": "0"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.8"
},
{
"model": "software foundation apache",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.63"
},
{
"model": "http server",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1.19"
},
{
"model": "coat systems director",
"scope": "ne",
"trust": 0.3,
"vendor": "blue",
"version": "5.5.2.3"
},
{
"model": "software foundation apache",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
}
],
"sources": [
{
"db": "BID",
"id": "29653"
},
{
"db": "BID",
"id": "31681"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:hitachi_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ryujiro Shibuya",
"sources": [
{
"db": "BID",
"id": "29653"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
}
],
"trust": 0.9
},
"cve": "CVE-2008-2364",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-2364",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2009-001740",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2364",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2009-001740",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-200806-186",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-2364",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage.The server could fall into a denial of service (DoS) state when continuously receiving fraudulent responses from backend Web servers. The Apache \u0027mod_proxy_http\u0027 module is prone to a denial-of-service vulnerability that affects the processing of interim responses. \nAttackers may exploit this issue to cause denial-of-service conditions. \nReportedly, the issue affects Apache 2.2.8 and 2.0.63; other versions may also be affected. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007. \nThe security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues. \nNOTE: This BID is being retired; the following individual records have been created to better document these issues:\n31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability\n31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability\n31708 Apple Mac OS X \u0027hosts.equiv\u0027 Security Bypass Vulnerability\n31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability\n31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability\n31711 Apple Mac OS X \u0027configd\u0027 EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability\n31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability\n31720 Apple Finder Denial of Service Vulnerability\n31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability\n31688 CUPS \u0027HP-GL/2\u0027 Filter Remote Code Execution Vulnerability\n31722 Apple Mac OS X 10.5 \u0027launchd\u0027 Unspecified Security Bypass Vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQA/AwUBSYhX8+AfOvwtKn1ZEQJxcACeJa8lt5TkhV5qnaGRTaBh4kqHutgAoJbH\nXCe08aGCzEZj/q4n91JQnhq6\n=XImF\n-----END PGP SIGNATURE-----\n. \n \n This update also provides HTTP/1.1 compliance fixes. \n \n The updated packages have been patched to prevent this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364\n _______________________________________________________________________\n\n Updated Packages:\n\n Corporate 3.0:\n 532973a116bcdf63ed72042b819b59cc corporate/3.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm\n e2913623f1876d02e426bbca997f3435 corporate/3.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm\n 2e583f46edd8e83d8071e1912fbcced6 corporate/3.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm\n 83b6d9adea62a2c186f2acfb7372a8f0 corporate/3.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm\n f797d9dd78f6a75328f3156f4d97de54 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm\n 1e13b9cf9ed69f69f1700d89e7b0a625 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm\n eeacd8fa60a510fe23a949303aefa934 corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm\n 12978be0a831fb2164e8663e0aa96c16 corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm\n ff7133c4d2f3a18d5ca86398b6a3b482 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm\n de43091c378ef1b0a465f409d4198c7d corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm\n 2a884bf3c648fe6e45bd1858e7ac8fca corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm\n 435c1058b34b3e5603e8502315d3f1be corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm\n 5a54d1929057b311ab83863fcfc6785b corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm\n 37bb90e385c1571579d604120cd1c1d4 corporate/3.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm\n 377a8d1250fb1276e0c52fe89b63775a corporate/3.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm\n 2c6db35de4997018b043181957072182 corporate/3.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm \n 30da5c4069b7b8ea5b3bb13734ca0058 corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 43cb9996c4ad55ead2a2bba2a618b939 corporate/3.0/x86_64/apache2-2.0.48-6.19.C30mdk.x86_64.rpm\n 898f1420c5fe218c748281c238da9d00 corporate/3.0/x86_64/apache2-common-2.0.48-6.19.C30mdk.x86_64.rpm\n b7ca472734ea5776cfecf1dd2315f71d corporate/3.0/x86_64/apache2-devel-2.0.48-6.19.C30mdk.x86_64.rpm\n 8ebd24059163cd8f8e22eb0203682e41 corporate/3.0/x86_64/apache2-manual-2.0.48-6.19.C30mdk.x86_64.rpm\n ac6f64c5aabbf463be38023dfb2e30e0 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.19.C30mdk.x86_64.rpm\n 2e66000edd688d563645ecf526724899 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.19.C30mdk.x86_64.rpm\n d82ba16ad19ebfbb412f033537fe7dfb corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.19.C30mdk.x86_64.rpm\n e83174382435df2220f7563545543342 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.x86_64.rpm\n af5d024a4cff0c216d0c02dcbe08ab83 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.19.C30mdk.x86_64.rpm\n b6a74826d456381f9c3807d7cdaef8ff corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.19.C30mdk.x86_64.rpm\n 3e0c99c91a186db1650ab277fb266ddf corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.x86_64.rpm\n 5bcf1224653b851df20d07d6fbb248b6 corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.19.C30mdk.x86_64.rpm\n c07af351ea84b7d8a0b0de879c9aad2e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.19.C30mdk.x86_64.rpm\n fa40774c92468aa0080979674ff473c5 corporate/3.0/x86_64/apache2-modules-2.0.48-6.19.C30mdk.x86_64.rpm\n a387e498b01b876ee31066aa3a73970a corporate/3.0/x86_64/apache2-source-2.0.48-6.19.C30mdk.x86_64.rpm\n 659d44dc9615de5b556d35425d628bf7 corporate/3.0/x86_64/lib64apr0-2.0.48-6.19.C30mdk.x86_64.rpm \n 30da5c4069b7b8ea5b3bb13734ca0058 corporate/3.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm\n\n Multi Network Firewall 2.0:\n 93eef0301be074129e8c8f67381c09ad mnf/2.0/i586/apache2-2.0.48-6.19.C30mdk.i586.rpm\n 0dd927e4efb8dc43f2168227d22c1407 mnf/2.0/i586/apache2-common-2.0.48-6.19.C30mdk.i586.rpm\n 366c8a236e33babca8447b3c3f926c83 mnf/2.0/i586/apache2-devel-2.0.48-6.19.C30mdk.i586.rpm\n 73490cae06d07885512ff28fb24c1d6c mnf/2.0/i586/apache2-manual-2.0.48-6.19.C30mdk.i586.rpm\n 8bf01fed207bf8ae9c265be3d3f0e0f5 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.19.C30mdk.i586.rpm\n b06f622b9c96bfa10cdc4d2067e5826f mnf/2.0/i586/apache2-mod_dav-2.0.48-6.19.C30mdk.i586.rpm\n c5600da4764bcb84733c16034871ced1 mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.19.C30mdk.i586.rpm\n cccdb0578c7443e46154a8f64b78a86b mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.19.C30mdk.i586.rpm\n 67fb4bcf03bef82c78fb42ec3de85b55 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.19.C30mdk.i586.rpm\n 20cb9f0132cd5181f6cff7699373d488 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.19.C30mdk.i586.rpm\n 1f0f71765b82dd9086c99a2ec98ce458 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.19.C30mdk.i586.rpm\n 26d8d7db3f8a8ed9dd22add69cc908cd mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.19.C30mdk.i586.rpm\n 538e1d3b6eab0b6770de516d9c6e59e4 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.19.C30mdk.i586.rpm\n 82674d6c664adb4e9a8539703ee113d7 mnf/2.0/i586/apache2-modules-2.0.48-6.19.C30mdk.i586.rpm\n d1dc24f4698a7cef16c292ba19302ca1 mnf/2.0/i586/apache2-source-2.0.48-6.19.C30mdk.i586.rpm\n b83a8c4eda842c3e358d16d22febbe80 mnf/2.0/i586/libapr0-2.0.48-6.19.C30mdk.i586.rpm \n 5ff603859246c39086f9b6ad300f97c6 mnf/2.0/SRPMS/apache2-2.0.48-6.19.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFJOCuNmqjQ0CJFipgRAt+pAKDO9fruRTCR1580NTYdYmnky057aACdFVGo\nNmJlapeQ2vPQcDIjsktx95s=\n=5zLR\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 200807-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache: Denial of Service\n Date: July 09, 2008\n Bugs: #222643, #227111\n ID: 200807-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Apache might lead to a Denial of Service. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/apache \u003c 2.2.9 \u003e= 2.2.9\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache:\n\n* Dustin Kirkland reported that the mod_ssl module can leak memory\n when the client reports support for a compression algorithm\n (CVE-2008-1678). \n\n* sp3x of SecurityReason reported a Cross-Site Request Forgery\n vulnerability in the balancer-manager in the mod_proxy_balancer\n module (CVE-2007-6420). \n\nImpact\n======\n\nA remote attacker could exploit these vulnerabilities by connecting to\nan Apache httpd, by causing an Apache proxy server to connect to a\nmalicious server, or by enticing a balancer administrator to connect to\na specially-crafted URL, resulting in a Denial of Service of the Apache\ndaemon. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.2.9\"\n\nReferences\n==========\n\n [ 1 ] CVE-2007-6420\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420\n [ 2 ] CVE-2008-1678\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1678\n [ 3 ] CVE-2008-2364\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-200807-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttp://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2008 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nThe vulnerability is caused due to an unspecified error, which can be\nexploited to cause a high memory usage when the application is used as\na reverse proxy. \n\nPlease see the vendor\u0027s advisory for a full list of affected\nproducts. \n\nSOLUTION:\nUpdate to a fixed version. See vendor advisory for details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS09-009/index.html\n\nOTHER REFERENCES:\nhttp://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nReferences: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2364"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "BID",
"id": "31681"
},
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "PACKETSTORM",
"id": "82164"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2364",
"trust": 3.5
},
{
"db": "BID",
"id": "29653",
"trust": 2.0
},
{
"db": "BID",
"id": "31681",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2008-1798",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2780",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0320",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "30621",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31651",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31026",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32838",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34259",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31416",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32685",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34219",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31904",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34418",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33156",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31404",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33797",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32222",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020267",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "35771",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2008-2364",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "72628",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68082",
"trust": 0.1
},
{
"db": "HITACHI",
"id": "HS09-009",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "79239",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82164",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "BID",
"id": "31681"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"id": "VAR-200705-0688",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.17203079500000001
},
"last_update_date": "2024-11-29T22:34:07.786000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS09-009",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-009/index.html"
},
{
"title": "Red Hat: Moderate: httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080967 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Application Stack v2.2 security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080966 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: apache2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-731-1"
},
{
"title": "Symantec Security Advisories: SA61 : Director multiple Apache vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=508649a9a651b4fb32a5cc0f1310d652"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2008-2364 "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/RoliSoft/ReconScan "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/GiJ03/ReconScan "
},
{
"title": "test",
"trust": 0.1,
"url": "https://github.com/issdp/test "
},
{
"title": "ReconScan",
"trust": 0.1,
"url": "https://github.com/kira1111/ReconScan "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/DButter/whitehat_public "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27008517"
},
{
"trust": 2.0,
"url": "http://support.apple.com/kb/ht3216"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/29653"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-200807-06.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/30621"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-august/msg00153.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31416"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31404"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31026"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-august/msg00055.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020267"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31651"
},
{
"trust": 1.7,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01539432"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31904"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:195"
},
{
"trust": 1.7,
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1pk67579"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31681"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32222"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32685"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0967.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0966.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:237"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33156"
},
{
"trust": 1.7,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33797"
},
{
"trust": 1.7,
"url": "http://wiki.rpath.com/wiki/advisories:rpsa-2008-0328"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32838"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.ubuntu.com/usn/usn-731-1"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34259"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34219"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34418"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/1798"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42987"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9577"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6084"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11713"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/494858/100/0/threaded"
},
{
"trust": 1.4,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2364"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2364"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
},
{
"trust": 0.6,
"url": "http.c?r1=666154\u0026r2=666153\u0026pathrev=666154"
},
{
"trust": 0.6,
"url": "httpd/trunk/modules/proxy/mod_proxy_"
},
{
"trust": 0.6,
"url": "http://svn.apache.org/viewvc/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/"
},
{
"trust": 0.3,
"url": "http://httpd.apache.org/docs/2.0/mod/mod_proxy_http.html"
},
{
"trust": 0.3,
"url": "http://www.apache.org/dist/httpd/changes_2.2.9"
},
{
"trust": 0.3,
"url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/changes?r1=666154\u0026r2=666153\u0026pathrev=666154"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
},
{
"trust": 0.3,
"url": "http://alerts.hp.com/r?2.1.3kt.2zr.xg7ek.ctm6em..t.epps.1zqm.kdcefl00"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0966.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas2f960f9e1d5d7811786257655003c8e7a"
},
{
"trust": 0.3,
"url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-247666-1"
},
{
"trust": 0.3,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201002e.html"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.2,
"url": "http://software.hp.com"
},
{
"trust": 0.2,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.2,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.2,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/770.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2008-2364"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2008:0967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/731-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6420"
},
{
"trust": 0.1,
"url": "http://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1678"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1678"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/35771/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-001740.html"
},
{
"trust": 0.1,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs09-009/index.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/business_solutions/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3660"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0599"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3918"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0005"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2829"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6203"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3659"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4465"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "BID",
"id": "31681"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"db": "BID",
"id": "29653"
},
{
"db": "BID",
"id": "31681"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "PACKETSTORM",
"id": "68082"
},
{
"db": "PACKETSTORM",
"id": "79239"
},
{
"db": "PACKETSTORM",
"id": "82164"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-06-13T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"date": "2008-06-10T00:00:00",
"db": "BID",
"id": "29653"
},
{
"date": "2008-10-09T00:00:00",
"db": "BID",
"id": "31681"
},
{
"date": "2009-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"date": "2009-02-04T18:45:10",
"db": "PACKETSTORM",
"id": "74633"
},
{
"date": "2008-12-04T22:31:41",
"db": "PACKETSTORM",
"id": "72628"
},
{
"date": "2008-07-10T08:16:33",
"db": "PACKETSTORM",
"id": "68082"
},
{
"date": "2009-07-15T07:11:45",
"db": "PACKETSTORM",
"id": "79239"
},
{
"date": "2009-10-23T18:14:28",
"db": "PACKETSTORM",
"id": "82164"
},
{
"date": "2007-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"date": "2008-06-13T18:41:00",
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2364"
},
{
"date": "2015-04-13T21:30:00",
"db": "BID",
"id": "29653"
},
{
"date": "2009-03-24T16:56:00",
"db": "BID",
"id": "31681"
},
{
"date": "2014-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001740"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200806-186"
},
{
"date": "2024-11-21T00:46:43.047000",
"db": "NVD",
"id": "CVE-2008-2364"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "72628"
},
{
"db": "CNNVD",
"id": "CNNVD-200806-186"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001740"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "29653"
},
{
"db": "BID",
"id": "31681"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.