Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Производитель ПО
Наименование ПО
Apache HTTP Server
(1.3.0, 1.3.41, 2.0.35, 2.0.62-dev, 2.2.0, 2.2.7-dev)
Apache
(B.2.0.59.00.3)
httpd
(Unknown)
mod_ssl
(Unknown)
Описание
Межсайтовое выполнение сценариев в mod_status в Apache HTTP Server, когда доступна страница статуса сервера, позволяет злоумышленникам, действующим удаленно, внедрить произвольный веб-сценарий или HTML-код.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://www.apache.org/
http://www.apache.org/
Ссылки
http://httpd.apache.org/security/vulnerabilities_13.html
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_22.html
FRSIRT (ADV-2008-0047): http://www.frsirt.com/english/advisories/2008/0047
SECTRACK (1019154): http://securitytracker.com/id?1019154
MANDRIVA (MDVSA-2008:014): http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
MANDRIVA (MDVSA-2008:015): http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
REDHAT (RHSA-2008:0004): http://www.redhat.com/support/errata/RHSA-2008-0004.html
REDHAT (RHSA-2008:0005): http://www.redhat.com/support/errata/RHSA-2008-0005.html
REDHAT (RHSA-2008:0006): http://www.redhat.com/support/errata/RHSA-2008-0006.html
REDHAT (RHSA-2008:0007): http://www.redhat.com/support/errata/RHSA-2008-0007.html
REDHAT (RHSA-2008:0008): http://www.redhat.com/support/errata/RHSA-2008-0008.html
BID (27237): http://www.securityfocus.com/bid/27237
MANDRIVA (MDVSA-2008:016): http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
UBUNTU (USN-575-1): http://www.ubuntu.com/usn/usn-575-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf
FRSIRT (ADV-2008-0447): http://www.frsirt.com/english/advisories/2008/0447/references
HP (HPSBUX02313): http://www.securityfocus.com/archive/1/archive/1/488082/100/0/threaded
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_22.html
FRSIRT (ADV-2008-0047): http://www.frsirt.com/english/advisories/2008/0047
SECTRACK (1019154): http://securitytracker.com/id?1019154
MANDRIVA (MDVSA-2008:014): http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
MANDRIVA (MDVSA-2008:015): http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
REDHAT (RHSA-2008:0004): http://www.redhat.com/support/errata/RHSA-2008-0004.html
REDHAT (RHSA-2008:0005): http://www.redhat.com/support/errata/RHSA-2008-0005.html
REDHAT (RHSA-2008:0006): http://www.redhat.com/support/errata/RHSA-2008-0006.html
REDHAT (RHSA-2008:0007): http://www.redhat.com/support/errata/RHSA-2008-0007.html
REDHAT (RHSA-2008:0008): http://www.redhat.com/support/errata/RHSA-2008-0008.html
BID (27237): http://www.securityfocus.com/bid/27237
MANDRIVA (MDVSA-2008:016): http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
UBUNTU (USN-575-1): http://www.ubuntu.com/usn/usn-575-1
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf
FRSIRT (ADV-2008-0447): http://www.frsirt.com/english/advisories/2008/0447/references
HP (HPSBUX02313): http://www.securityfocus.com/archive/1/archive/1/488082/100/0/threaded