Abrir sesión
logo

DEFENSA FRENTE A LAS CIBERAMENAZAS

barra-separadora

Boletines de Vulnerabilidades


Cross site scripting en el modulo mod_imap sobre Apache 1.3

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Aumento de la visibilidad
Dificultad Avanzado
Requerimientos del atacante Acceso remoto sin cuenta a un servicio estandar

Información sobre el sistema

Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado Apache 1.3 <1.3.35
Apache 2.0 <2.0.56
Apache 2.2 <2.2.1
HP OpenView Network Node Manager 6.41
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 7.51

Descripción

Se ha descubierto una vulnerabilidad en las ramas 1.3 y 2.0 de Apache, concretamente en las versiones anteriores a la 1.3.35 y 2.0.56. Se trata de una vulnerabilidad de cross site scripting en el modulo mod_imap.

La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código Web arbitrario mediante mapas de imagen con un atributo "Referer" especialmente diseñado.

Solución

Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo.


Actualización de software

Apache
Apache 1.3.35-dev
Apache 2.0.56-dev
Apache 2.2.1-dev
http://httpd.apache.org/download.cgi

Red Hat (httpd)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
https://rhn.redhat.com/

Mandriva

Mandrakelinux 10.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-common-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-devel-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-manual-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_cache-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_dav-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_deflate-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_disk_cache-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_file_cache-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_ldap-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_mem_cache-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_proxy-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-modules-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-source-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/apache2-worker-2.0.50-7.6.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/apache2-2.0.50-7.6.101mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/apache2-mod_ssl-2.0.50-4.4.101mdk.src.rpm

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-common-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-devel-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-manual-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_cache-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_dav-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_deflate-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_disk_cache-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_file_cache-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_ldap-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_mem_cache-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_proxy-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-modules-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-peruser-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-source-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/apache2-worker-2.0.53-9.4.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/apache2-2.0.53-9.4.102mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/apache2-mod_ssl-2.0.53-8.3.102mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-base-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-devel-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_cache-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_dav-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_deflate-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_disk_cache-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_file_cache-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_ldap-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_mem_cache-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_proxy-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-modules-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mod_userdir-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mpm-peruser-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mpm-prefork-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-mpm-worker-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/apache-source-2.0.54-13.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/apache-2.0.54-13.2.20060mdk.src.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/apache-mod_ssl-2.0.54-6.1.20060mdk.src.rpm

SGI
Advanced Linux Environment 3 / RPM / Patch 10258
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10258
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Suse Linux
Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux

Hewlett-Packard
HP-UX B.11.00, B.11.11, HP-UX B.11.23 / Apache-based Web Server v.2.0.58.00
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

Debian Linux

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.dsc
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.diff.gz
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge3_all.deb
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge3_all.deb
http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge3_all.deb
Alpha architecture
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_amd64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_amd64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_amd64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_amd64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_amd64.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb
ARM
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_arm.deb
HP Precision
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_hppa.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_hppa.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_hppa.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_hppa.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_hppa.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb
Intel IA-32
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_ia64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_ia64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_ia64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_ia64.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_ia64.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mips.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mips.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mips.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mips.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mips.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mipsel.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_s390.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_s390.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_s390.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_s390.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_s390.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb

Red Hat Linux (apache)
Red Hat Stronghold for Enterprise Linux
https://rhn.redhat.com/

Sun (102662)
Solaris 10 / SPARC / patch / 120543-06
Solaris 10 / x86 / patch / 120544-06
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Sun (102663)
Solaris 8 / SPARC / patch 116973-05
Solaris 8 / x86 / patch 116974-05
Solaris 9 / SPARC / patch 113146-08
Solaris 9 / x86 / patch 114145-07
Solaris 10 / SPARC / patch 122911-02
Solaris 10 / x86 / patch 122912-02
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Hewlett-Packard (HPSBMA02328)
HP OpenView Network Node Manager 7.51 / HP-UX (IA) / PHSS_36386
HP OpenView Network Node Manager 7.51 / HP-UX (PA) / PHSS_36385
HP OpenView Network Node Manager 7.51 / Solaris / PSOV_03479
HP OpenView Network Node Manager 7.51 / Linux RedHatAS2.1 / LXOV_00052
HP OpenView Network Node Manager 7.01 / HP-UX (PA) / PHSS_36773
HP OpenView Network Node Manager 7.01 / Solaris / PSOV_03480
HP OpenView Network Node Manager 6.41 / HP-UX (PA) / PHSS_37141
HP OpenView Network Node Manager 6.41 / Solaris / PSOV_03489

Identificadores estándar

Propiedad Valor
CVE CVE-2005-3352
BID 15834

Recursos adicionales

Apache httpd 1.3 vulnerabilities
http://httpd.apache.org/security/vulnerabilities_13.html

Apache httpd 2.0 vulnerabilities
http://httpd.apache.org/security/vulnerabilities_20.html

Apache httpd 2.2 vulnerabilities
http://httpd.apache.org/security/vulnerabilities_22.html

Red Hat Security Advisory RHSA-2006:0159-8
https://rhn.redhat.com/errata/RHSA-2006-0159.html

Red Hat Security Advisory (RHSA-2006:0158-4)
https://rhn.redhat.com/errata/RHSA-2006-0158.html

Red Hat Security Advisory RHSA-2006:0692-4
https://rhn.redhat.com/errata/RHSA-2006-0692.html

Mandriva Security Advisory (MDKSA-2006:007)
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007

SGI Security Advisory (20060101-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc

SUSE Security Summary Report (SUSE-SR:2006:004)
http://www.novell.com/linux/security/advisories/2006_04_sr.html

SUSE Security Advisory (SUSE-SA:2006:043)
http://www.novell.com/linux/security/advisories/2006_43_apache.html

HP SECURITY BULLETIN (HPSBUX02145)
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=c00760969

HP SECURITY BULLETIN (HPSBMA02328)
https://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01428449-2

Debian Security Advisory DSA 1167-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00257.html

Sun Alert Notification (102662)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1

Sun Alert Notification (102663)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1

SUSE Security Summary Report (SUSE-SR:2007:011)
http://www.novell.com/linux/security/advisories/2007_11_sr.html

Histórico de versiones

Versión Comentario Fecha
1.0 Aviso emitido 2005-12-20
1.1 Aviso emitido por Red Hat (RHSA-2006:0159-8) 2006-01-06
1.2 Aviso emitido por Mandriva (MDKSA-2006:007) 2006-01-09
1.3 Aviso emitido por Red Hat (RHSA-2006:0158-4) 2006-01-17
1.4 Aviso emitido por SGI (20060101-01-U) 2006-01-19
1.5 Aviso emitido por Suse (SUSE-SR:2006:004) 2006-03-01
1.6 Aviso emitido por Apache 2006-03-22
1.7 Aviso emitido por Suse (SUSE-SA:2006:043) 2006-07-31
1.8 Aviso emitido por HP (HPSBUX02145) 2006-09-01
1.9 Aviso emitido por Debian (DSA 1167-1) 2006-09-05
1.10 Aviso emitido por Red Hat (RHSA-2006:0692-4) 2006-10-04
1.11 Aviso emitido por Sun (102662, 102663) 2006-10-17
1.12 Aviso actualizado por Sun (102663) 2006-12-05
1.13 Aviso emitido por Suse (SUSE-SR:2007:011) 2007-05-18
1.14 Aviso emitido por HP (HPSBMA02328) 2008-04-22
Volver

Este sitio web utiliza cookies propias y de terceros para el correcto funcionamiento y visualización del sitio web por parte del usuario, así como la recogida de estadísticas. Si continúa navegando, consideramos que acepta su uso. Puede cambiar la configuración u obtener más información. Modificar configuración