httpd-2.2.3-11.4.1AXS3
Errata ID: AXSA:2008-483:04
Release date:
2008/11/25 Tuesday - 21:24
Title:
httpd-2.2.3-11.4.1AXS3
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ia64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The mod_proxy module of the Apache HTTP Server does not limit the number of forwarded interim responses in the ap_proxy_http_process_response() function in mod_proxy_http.c, resulting in a denial of service (DoS) vulnerability. (CVE-2008-2364)
- The Apache mod_proxy_ftp module mishandles wildcards in FTP URI pathnames in proxy_ftp.c and mod_proxy_ftp.c, resulting in a cross-site scripting vulnerability. (CVE-2008-2939)
Some of the translated CVE descriptions are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
Additional information:
N/A
Download:
Asianux Server 3 for x86
- httpd-2.2.3-11.4.1AXS3.i386.rpm
MD5: 4706383a722da6dd31e700532f516a77
SHA-256: 6fb453bf823c0de8ae5bc166955134905b82ddf942b777374bf164e9346361cd
Size: 1.08 MB
- httpd-devel-2.2.3-11.4.1AXS3.i386.rpm
MD5: 552dcb738ceb11ee171beda4d9f98955
SHA-256: 2b2e9a0508e13d4b9cdbff0df46ae19d5d8f337558bf02675386da530c4ace81
Size: 148.53 kB
- httpd-manual-2.2.3-11.4.1AXS3.i386.rpm
MD5: 17aa105e47fdce39c3970e3632ca5347
SHA-256: cd62a3fc7765a280d717340c86b044b4e9447c443bd558959293b962f8a72c1e
Size: 841.50 kB
- mod_ssl-2.2.3-11.4.1AXS3.i386.rpm
MD5: ebc10cfcabb8f252d09ad96be919cb19
SHA-256: 5d0583cce7c88768fa19ad3f1efa7894d925b71517bbb6b591c9891d01a3274f
Size: 84.97 kB
Asianux Server 3 for x86_64
- httpd-2.2.3-11.4.1AXS3.x86_64.rpm
MD5: d047934f541ca48df4c9be7a48a98589
SHA-256: ff16660472c1c49732c74313e3c7704e694bbde7dc887f91411fa8744b0c0bd1
Size: 1.09 MB
- httpd-devel-2.2.3-11.4.1AXS3.x86_64.rpm
MD5: bedb740024c14a656f6681322bf3a2a1
SHA-256: 2069e0c583dda546245c257a41f11aa448be069c763ae5dcd461794e5e65f5db
Size: 148.31 kB
- httpd-manual-2.2.3-11.4.1AXS3.x86_64.rpm
MD5: f03318b654c1bcfcf056d7d79ca84f09
SHA-256: c9570379444d3fd1b74ba2a5bf361c2a0f38b81aeeb9b00c943f1011149c84f3
Size: 841.82 kB
- mod_ssl-2.2.3-11.4.1AXS3.x86_64.rpm
MD5: 6e4f86627c60bb7df6b3bfccd14da4b0
SHA-256: f3aac0175fe4693f8cbdc0e6b523303410fb2b91a52d23165d0a1b73a8234039
Size: 85.17 kB