HTTP Server
Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege.
References: CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.22 or earlier
HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.34 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Syhunt Advisory: Visual Synapse HTTP Server Directory Traversal
Vulnerability
Advisory-ID: 201010071
Discovery Date: 09.07.2010
Release Date: 10.07.2010
Affected Applications: Visual Synapse HTTP Server 1.0 RC3, 1.0
RC2, 1.0 RC1, 0.60 and previous releases; and any applications
using the Visual Synapse HTTP Server component
Class: Directory Traversal
'/nps/servlet/webacc/'.
2. For [CVE-2010-1930 | 40485], establish a Web Application
Firewall rule for limiting the length of the parameter 'Tree' in POST
requests to the URI '/nps/servlet/webacc/'.
Similar rules can also be established in the Apache webserver of the
iManager installation in order to mitigate these flaws.
7. *Credits*
Multiple vulnerabilities have been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
that this security issue does not really apply as zlib compression
is not enabled in the openssl build provided by Mandriva, but apache
is patched to address this issue anyway (concerns 2008.1 only).
Philipp Krammer reported that he notified the vendor over five years
ago, in January 2003. http://www.securityfocus.com/archive/1/339163
What's new is
1) The vendor has released another major version of the
affected software, Apache web server 2.2, with the same flaw.
2) While no official patch is available (due to the vendor's inaction),
an unofficial patch is now available.
-Peter
http://www.tux.org/~peterw/
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0010
Synopsis: VMware Hosted products update libpng and Apache HTTP
Server
Issue date: 2009-08-20
Updated on: 2009-08-20 (initial release of advisory)
CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863
CVE-2006-5752 CVE-2007-3304 CVE-2007-6388
CVE-2007-5000 CVE-2008-0005
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0012
Synopsis: VMware vCenter Update Manager fix for Jetty Web
server addresses important security vulnerabilities
Issue date: 2010-07-19
Updated on: 2010-07-19 (initial release of advisory)
CVE numbers: CVE-2009-1523 CVE-2009-1524
------------------------------------------------------------------------
[DCA-0008]
[Software]
- Quick 'n Easy WEB Server
[Vendor Product Description]
- Do you want to run your own personal webserver or just want to test
your ASP/PHP scripts before you upload them to your webhosting server?
[Discussion]
- DcLabs Security Research Group advises about the following vulnerability(ies):
[Software]
- Hiawatha WebServer 7.4
[Vendor Product Description]
- Hiawatha is an open source webserver with a focus on security. I
started Hiawatha in January 2002. Before that time, I had used several
webservers, but I didn't like them. They had unlogical, almost cryptic
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02997184
Version: 1
HPSBUX02702 SSRT100606 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-08
Last Updated: 2011-09-08
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03025215
Version: 2
HPSBUX02707 SSRT100626 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-26
Last Updated: 2011-10-26
Impact
None. It was thought to be an arbitrary execution risk, but as noted by
the Secunia Research team, an administrator can change the virtual root
and can upload files to any directory in the web server. This reference
is kept because it is a bug worth noticing and the patch included
within this document patches both bugs.
Preconditions
From: Rohit Patnaik [mailto:quanticle@gmail.com]
Sent: Tuesday, December 15, 2009 6:29 PM
To: Thor (Hammer of God)
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] File Access Vulnerability in Easy File Sharing Web Server
Wow. Very nice find. One question: all the cited tools are Windows executables. Has there been any attempt to run the database viewer in Linux via Wine? I'm wondering if I'm going to have to set up a VM to try to confirm this, or if I can try to do this via Wine.
Although the n3td3v drama is entertaining, it's finds like this which keep me subscribed to this list.
connections on the inside interface from the 192.168.10.0/24 network.
Note: You cannot use Telnet to the lowest security interface unless
you use Telnet inside an IPSec tunnel.
ASDM management sessions are enabled via the http server enable and
http commands.
The ssh command is used to identify the IP addresses from which the
security appliance accepts SSH connections. For example:
For Public Release 2009 January 14 1600 UTC (GMT)
Cisco Response:
"Two separate Cisco IOS® Hypertext Transfer Protocol (HTTP) cross-site
scripting (XSS) vulnerabilities have been reported to Cisco [...]
This response covers two separate cross-site scripting vulnerabilities
within the Cisco IOS Hypertext Transfer Protocol (HTTP) server
(including HTTP secure server - hereafter referred to as purely HTTP
Server) and applies to all Cisco products that run Cisco IOS Software
versions 11.0 through 12.4 with the HTTP server enabled.
QO99896
CA Service Desk Dashboard component:
QO99895
CA Service Desk Web Screen Painter component:
QO99894
CA Service Desk Web Server component:
QO99893
CA Service Desk Server component:
QO99892
AIX:
Cisco Security Advisory: Cisco Content Delivery System Internet
Streamer: Web Server Vulnerability
Advisory ID: cisco-sa-20110525-spcdn
Revision 1.0
-----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0014
Synopsis: VMware vCenter Update Manager fix for Jetty Web server
addresses directory traversal vulnerability
Issue date: 2011-11-17
Updated on: 2011-11-17 (initial release of advisory)
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
While doing a quick sweep over the code base of FreeWebshop.org (FWS)
several vulnerabilities have been found in FWS. These vulnerabilities
allow attackers to obtain arbitrary information from the webserver and
database. It is even possible to execute arbitrary code with the
privileges of FWS. In some cases it may even be possible to fully
compromise the system on which FWS is installed. Most of these issues
are related to the fact that FWS fully trusts the content of the cookies
that it receives. These issues were discovered within a very small
The reason for security in depth is precisely because no security controls
are foolproof. The point isn't to make a system completely unbreakable,
but to raise the bar for what is required in order to extend their access
beyond what they already control.
Let's take a webserver as an example.
Your webserver only requires ports 80 and 443 listening to the world, so
you deploy a firewall in front of it restricting access to just those
ports.
> The reason for security in depth is precisely because no security controls
> are foolproof. The point isn't to make a system completely unbreakable,
> but to raise the bar for what is required in order to extend their access
> beyond what they already control.
>
> Let's take a webserver as an example.
>
> Your webserver only requires ports 80 and 443 listening to the world, so
> you deploy a firewall in front of it restricting access to just those
> ports.
>
in apr-util:
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
Apache APR-util before 1.3.5 allows remote attackers to cause a denial
of service (daemon crash) via crafted input involving (1) a .htaccess
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
module for the Apache HTTP Server, or (4) an application that uses
the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Advisory URL: http://securityreason.com/achievement_securityalert/49
Vendor: http://httpd.apache.org
--- 0.Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
mod_proxy_ftp : http://httpd.apache.org/docs/2.2/mod/mod_proxy_ftp.html
Advisory URL: http://securityreason.com/achievement_securityalert/50
Vendor: http://httpd.apache.org
--- 0.Description ---
The Apache HTTP Server Project is an effort to develop and
maintain an open-source HTTP server for modern operating systems
including UNIX and Windows NT. The goal of this project is to
provide a secure, efficient and extensible server that provides
HTTP services in sync with the current HTTP standards.
Advisory URL: http://securityreason.com/achievement_securityalert/46
Vendor: http://httpd.apache.org
--- 0.Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
--- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---
- YOPS (Your Open Personal [WEB] Server)
[Vendor Product Description]
- YOPS (Your Own Personal [WEB] Server) is a small SEDA-like HTTP
server for Linux OS written in C. There are 7 stages (accept, parse,
launch, fetch, error, send and log), and pipes are used as interstage
channels.
[Bug Description]
The first weakness affecting the Cisco CSS is that, in a typical client
certificate configuration, HTTP clients may confuse web applications by
injecting their own certificate headers. When utilizing the CSS to
terminate SSL communications, SSL client certificates are first
authenticated by the CSS. From there, the CSS will normally pass the
client's identity to the back-end web server in the form of several HTTP
headers as shown below:
ClientCert-Subject: XXX
ClientCert-Subject-CN: XXX
ClientCert-Fingerprint: XXX
File Access Vulnerability in Easy File Sharing Web Server
Discovered by:
Timothy "Thor" Mullen
Testing by Steve "Raging Haggis" Moffat, Hammer of God, Bermuda Labs
Product: Easy File Sharing Web Server, current versions, default installation
Vendor: http://www.sharing-file.com/
is used worldwide.
A security vulnerability was discovered in LANDesk Management Suite: a
cross-site request forgery which allows an external remote attacker to
make a command injection that can be used to execute arbitrary code
using the webserver user. As a result, an attacker can remove the
firewall and load a kernel module, allowing root access to the
appliance. It also can be used as a non-persistent XSS.
In order to be able to successfully make the attack, the administrator
must be logged in to the appliance with the browser that the attacker
Apache HTTP Server 2.2.22 Released
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.22 of the Apache HTTP
Server ("Apache"). This version of Apache is principally a security
and bug fix release, including the following significant security fixes:
* SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in