Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting

Title : Fedora Security Update Fixes httpd Denial of Service and Cross Site Scripting
VUPEN ID : VUPEN/ADV-2007-3269
CVE ID : CVE-2007-4465
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-26

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Two vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or execute arbitrary scripting code. These issues are caused by errors in httpd. For additional information, see : VUPEN/ADV-2007-3020

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

f2d7130ea550e25331f14cff26066fbc9a978abd SRPMS/httpd-2.2.6-1.fc6.src.rpm
f2d7130ea550e25331f14cff26066fbc9a978abd noarch/httpd-2.2.6-1.fc6.src.rpm
2194fc3927adaf1b9784bcadcfeaee941a419f8b ppc/debug/httpd-debuginfo-2.2.6-1.fc6.ppc.rpm
49f865e0fc193b89590202b5ca66a012ccc3fc4f ppc/httpd-devel-2.2.6-1.fc6.ppc.rpm
3db0e4f54f9d9cab85243d6c134a97ce748f9688 ppc/mod_ssl-2.2.6-1.fc6.ppc.rpm
566e7527c04b7358f99f800412a669ebcb0c5438 ppc/httpd-2.2.6-1.fc6.ppc.rpm
5af15e960f40607bbe6b62f63d979278b360b4c1 ppc/httpd-manual-2.2.6-1.fc6.ppc.rpm
2b0502d4915d3fab6417963d971f484c7215b419 x86_64/debug/httpd-debuginfo-2.2.6-1.fc6.x86_64.rpm
c3f8001e0c99f8847f286d48abb76461e77bc80d x86_64/httpd-manual-2.2.6-1.fc6.x86_64.rpm
761c0ce29a2e40191f3f1b0f0575d507c0e61b7a x86_64/httpd-devel-2.2.6-1.fc6.x86_64.rpm
897dda6971bc3c1fa65cb61acf0f370b3c6743ad x86_64/mod_ssl-2.2.6-1.fc6.x86_64.rpm
13224b1e1e34639fbe61778db72e36896937752c x86_64/httpd-2.2.6-1.fc6.x86_64.rpm
ea0c36272d58058375243fd083baa4cf7cdd1410 i386/httpd-manual-2.2.6-1.fc6.i386.rpm
9309193f84872e474773559dd588f1c96fa6b72e i386/debug/httpd-debuginfo-2.2.6-1.fc6.i386.rpm
a219ca1f181e2a0d5161423ad5226ff37770cec0 i386/httpd-devel-2.2.6-1.fc6.i386.rpm
d1cd17eeef15e89ea514d6795a408452092ae552 i386/mod_ssl-2.2.6-1.fc6.i386.rpm
f60adf43a42115b4a3c3f4ae1e65eb1fc08c5de9 i386/httpd-2.2.6-1.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/3269
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html

ChangeLog

2007-09-26 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy