Vulnerability Bulletins |
Information disclosure in Apache |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Confidentiality |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | Networking |
Affected software | Apache 2.2.4 |
Description |
|
A vulnerability has been found in the recall_headers function of mod_mem_cache in Apache 2.2.4. The function does not correctly copy all levels of header data, which can result in HTTP headers being returned that contain previously used data. A remote attacker could obtain sensitive information. |
|
Solution |
|
Software update

Mandriva
Mandriva Linux 2007.1

X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-base-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-devel-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-htcacheclean-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_authn_dbd-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_cache-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_dav-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_dbd-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_deflate-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_disk_cache-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_file_cache-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_ldap-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_mem_cache-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_proxy-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_ssl-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mod_userdir-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-modules-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mpm-event-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mpm-itk-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mpm-prefork-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-mpm-worker-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/i586/apache-source-2.2.4-6.1mdv2007.1.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/apache-2.2.4-6.1mdv2007.1.src.rpm

X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-base-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-devel-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-htcacheclean-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_dav-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_dbd-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_deflate-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_file_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_ldap-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_proxy-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_ssl-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mod_userdir-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-modules-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mpm-event-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mpm-itk-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mpm-prefork-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-mpm-worker-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/x86_64/apache-source-2.2.4-6.1mdv2007.1.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.1/SRPMS/apache-2.2.4-6.1mdv2007.1.src.rpm

Apache
Apache 2.2.5-dev
http://httpd.apache.org/download.cgi

Apache
Apache 2.2.6
http://httpd.apache.org/download.cgi |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2007-1862 |
BID | |
Additional resources |
|
Mandriva Security Advisory (MDKSA-2007:127)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:127
Apache httpd 2.2.5-dev
http://httpd.apache.org/security/vulnerabilities_22.html
Apache httpd 2.2.6
http://httpd.apache.org/security/vulnerabilities_22.html |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2007-06-20 |
1.1 | Advisory issued by Apache (2.2.5-dev) | 2007-08-01 |
1.2 | Advisory issued by Apache (2.2.6) | 2007-09-10 |