Apache vulnerability CVE-2011-3192

We have a private iTunes U site on a server running Mac OS X 10.5.8 with Apache 2.2.17, which is affected by the DoS vulnerability CVE-2011-3192. I am looking for some feedback from other iTunes U admins who have either applied the suggested rewrite rule or have found another way to remediate the vulnerability. The following rewrite rule is supposed to be added to the httpd.conf file:
RewriteEngine On
# Forbid (403) any Range header that is non-empty and is not "bytes=" followed by at most five range specs
RewriteCond %{HTTP:range} !(^bytes=[^,]+(,[^,]+){0,4}$|^$)
RewriteRule .* - [F]
I have read that some streaming media servers are set up to use ranges, so I'm not really comfortable with implementing this rule without hearing from some others who may have either done it or have another way to address the vulnerability.
Thank you all for your time!
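As an added illustration (not part of the original post), the following Python reproduces the matching logic of that RewriteCond, so an admin can see which Range header values the rule would allow or forbid before deploying it; the sample header values are constructed.

```python
import re
from typing import Optional

# Same pattern as the RewriteCond quoted above: allow an absent or empty
# Range header, or "bytes=" followed by at most five comma-separated range
# specs. Anything else fails the condition, and the rule returns 403.
ALLOWED_RANGE = re.compile(r"^bytes=[^,]+(,[^,]+){0,4}$|^$")


def range_header_allowed(value: Optional[str]) -> bool:
    """Return True if the request would pass the RewriteCond.

    None models a request with no Range header at all; mod_rewrite expands
    a missing header to the empty string, which the rule allows.
    """
    return ALLOWED_RANGE.match(value or "") is not None


# Constructed sample headers, modelled on what a media player or a probe
# might send. Note the last one: the rule rejects non-byte range units too.
SAMPLES = {
    "absent": None,
    "resume": "bytes=1048576-",                        # player resuming a download
    "five": "bytes=0-9,10-19,20-29,30-39,40-49",       # five specs: still allowed
    "six": "bytes=0-9,10-19,20-29,30-39,40-49,50-59",  # six specs: forbidden
    "not_bytes": "items=0-5",                          # other unit: forbidden
}


def evaluate_samples() -> dict:
    """Map each sample name to whether the rule would let it through."""
    return {name: range_header_allowed(v) for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, ok in evaluate_samples().items():
        print(f"{name:10s} -> {'allow' if ok else 'forbid (403)'}")
```

The Apache advisory's fuller version applies the same check to the legacy Request-Range header as well, so clients that only ever send a single range (the normal resume case) are unaffected while requests with six or more ranges are refused.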

For the following PSIRT:
http://www.cisco.com/en/US/products/csa/cisco-sa-20110830-apache.html
Download the following patch "lms40-win-Oct2011-su1-0.zip" :
http://www.cisco.com/cisco/software/release.html?mdfid=283434800&flowid=19062&softwareid=280775103&os=Windows&release=4.0&relind=AVAILABLE&rellifecycle=&reltype=latest
The instructions for installing the patch should be in the zip file.
This should cover all these bugs, which you can query in the Bug Toolkit:
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
CSCte45565
CSCto12712
CSCto23584
CSCto23622
CSCto35544
CSCto35577
CSCtq48990

Similar Messages

  • Cisco works LMS 4.0 ,Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

    This vulnerability has been fixed in release Apache 2.2.20 and further corrected
    in 2.2.21. You are advised to upgrade to version 2.2.21 (or newer) or the
    legacy 2.0.65 release.
    Can anyone give the steps to upgrade Apache HTTP Server 2.2.10 to 2.2.21 on a Windows 2008 server?

  • How severe is the issue relating to apache bug CVE-2011-3368 in SGD

    Hi,
    Just came to know of the following : http://seclists.org/fulldisclosure/2011/Oct/232.
    How does it affect SGD?
    Thanks,

    You can search for the bugs mentioned in My Oracle Support by bug number.
    Also a description is usually included in the readme that comes with the patch.
    As the readme contains instructions on how to install the patch, you need to read it anyway.
    Sybrand Bakker
    Senior Oracle DBA

  • CSCuq79267 - UCS Apache 2.2 Vulnerability CVE-2014-0118

    I too am seeing this same behavior. Nessus has found this, and 3 other, vulnerabilities with the Apache version provided by the UCS platform.
    Any fixes in the works? We are currently running firmware 2.2(3c). The release notes for 2.2(3d) and 2.2(3e) do not address CVE-2014-0118.
    EDIT:
    2.2(3f) also does not address these vulnerabilities. Does the UCS version of Apache use the modules that are found faulty according to Nessus?
    Nessus is also reporting the following CVEs related to this one: CVE-2013-6438, CVE-2014-0098, CVE-2013-5704, CVE-2014-0226, and CVE-2014-0231.

  • ESA 8.5.6-092 Update and CVE-2011-1521 vulnerability ?

    I can't find much info on this update, which my appliances have reported is available to upgrade to. I was wondering if anyone else has installed the 8.5.6-092 update onto a C370 ESA appliance yet, or whether we are all covered already, as the documentation leads us to believe we are covered in the 8.5.6-074 release?

    CVE-2011-1521 was listed as corrected as of 8.5.6-073:
    https://tools.cisco.com/bugsearch/bug/CSCul87605
    This made it into the release notes for 8.5.6 HP1 (-092):
    http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_HP1_Release_Notes.pdf
    -Robert

  • Are BlackBerry products affected by Samba vulnerability, CVE-2015-0240?

    Samba versions 3.5.0 to 4.2.0rc4 are now known to have a remote code execution vulnerability, CVE-2015-0240. [1] Are BlackBerry products affected?
    [1] https://www.samba.org/samba/security/CVE-2015-0240

    We have updated the release notes to indicate the following:
    All versions prior to the following releases are shipping with the vulnerable code. This also includes any train which has already reached end of software maintenance (e.g. 3.8.x).
    15.5(1)S/XE3.14.1S
    15.4(3)S2/XE3.13.3S
    15.4(2)S1/XE3.12.3S
    15.4(1)S3/XE3.11.4S
    15.3(3)S4/XE3.10.6S
    15.2(4)S6/XE3.7.7S
    15.1(3)S7/XE3.4.7S
    Regards,
    Vishnu Asok

  • Is AsyncOS vulnerable to New Critical GLibc Vulnerability CVE-2015-0235 (aka Ghost)

    Raising for awareness in the community.
    New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
    https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237
    Raised a support case; the current update is that Cisco is investigating whether AsyncOS is vulnerable.
    Paul

    Currently it is being reviewed and looked into:
    http://tools.cisco.com/security/center/viewAlert.x?alertId=37181
    Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
    Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
    http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html 
    This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
    http://www.cisco.com/go/psirt

  • Glibc GHOST vulnerability # CVE-2015-0235.

    Please suggest a patch for the glibc GHOST vulnerability CVE-2015-0235 on an Oracle Linux server. Please find the details below:
    ./ghost
    Linux JBLDCVSNPRE01 2.6.39-400.214.6.el6uek.x86_64 #1 SMP Thu May 8 03:38:30 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
    Red Hat Enterprise Linux Server release 6.5 (Santiago)
    Installed glibc version(s)
    - glibc-2.12-1.132.el6_5.1.x86_64: vulnerable

    Hi,
    Please refer this links,
    Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
    https://rhn.redhat.com/errata/RHSA-2015-0090.html
    Regards,
    S27

  • OpenSSL vulnerability CVE-2014-0224

    My customer wants to know whether ASE is affected by the following OpenSSL vulnerabilities in http://www.openssl.org/news/secadv_20140605.txt:
    - SSL/TLS MITM vulnerability (CVE-2014-0224)
    - DTLS recursion flaw (CVE-2014-0221)
    - DTLS invalid fragment vulnerability (CVE-2014-0195)
    - SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
    - SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
    - Anonymous ECDH denial of service (CVE-2014-3470)
    Can you help me to confirm the above question?

    You have clearly double posted this question in two groups.
    So the first question goes back to you.
    Are you running SAP applications on ASE? If so, this is not the proper group.

  • Does vulnerability CVE-2013-3336 apply to CF8.0?

    The release note was confused.
    Adobe has identified a critical vulnerability affecting ColdFusion 10, 9.0.2, 9.0.1, 9.0, and earlier versions for Windows, Macintosh, and UNIX. This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on a server.

    I think ColdFusion 8 is ignored simply because it is no longer current, and is in fact heading for end-of-life. See Adobe's end-of-life matrix.

  • Oracle Database Control Component Unspecified Vulnerability (CVE-2007-5530)

    Hi experts,
    Recently we have been getting some vulnerability findings on one of our servers, but we are unable to find and download the patches mentioned in them.
    Ex:
    Oracle Database Control Component Unspecified Vulnerability (CVE-2007-5530)
    Oracle Database OLAP Component Unspecified Vulnerability (CVE-2008-3997)
    The entire report is showing these patch names; can you please suggest where I have to download these patches? I searched for these in Metalink but didn't find anything.
    These are coming from one of our SAP applications, so I am requesting suggestions here.
    Regards
    Nick Loy

    Nick,
    Check below links.
    http://secunia.com/advisories/cve_reference/CVE-2008-3997/
    http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
    http://secunia.com/advisories/cve_reference/CVE-2007-5530/
    http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
    http://www.juniper.net/security/auto/vulnerabilities/vuln26039.html..
    Hope this helps you.
    Thanks,
    Sushil

  • Does the SSL cert vulnerability affect the original iphone? CVE-2011-0228

    The software update for iOS 4.3.5 claims that a patched vulnerability doesn't affect the original iPhone
    Products Affected: iPad, iPod touch (3rd generation), iPhone 4, iPod touch (4th generation), iPhone 3GS, Product Security
    Available for: iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad
    However, the original security advisory which prompted this security update implies that it is affected:
    Version affected:  Versions Prior to 5.0b4, 4.3.5, and 4.2.10
    Can anyone clarify if the original iPhone is affected?

    Hi Ramkumar,
    The report is complaining that the Certificate Authority who signed the ID certificate presented by the ASA used a weak hashing algorithm. First, you need to determine who signed the certificate.
    If the certificate is self-signed by the ASA, you can generate a new certificate and use SHA1 as the hashing algorithm. To do this, the ASA needs to be running a software version that is at least 8.2(4) (8.3 and 8.4 software also support SHA1).
    If the certificate is signed by an external CA, you need to contact them and ask them to sign a new certificate for you using SHA instead of MD5.
    The links you posted have more information on this as well. Hope that helps.
    -Mike

  • GHOST Security Vulnerability - CVE 2015-0235

    Dear All,
    I have 2 units of Xserve running OS X Mavericks 10.9.5.
    Is OS X Mavericks 10.9.5 vulnerable to the GHOST CVE-2015-0235 threat?
    If yes where can I download the patches?
    Please advise
    Thanks
    Izzychunwei

    No known threat to Macs at present, but will have to wait for confirmation from Apple.
    Have a read here https://jamfnation.jamfsoftware.com/discussion.html?id=13156
    Cheers
    Pete

  • Linux Ghost Vulnerability CVE-2015-0235

    Just heard about this, the bug is old (discovered around 2013 I believe) but was just released as a security advisory today or yesterday.
    This link shows you how to determine if your system is vulnerable, and how to patch the bug although it doesn't include how to patch on arch systems. I tested my system and it isn't vulnerable, so for the most part if you keep your system up to date it shouldn't be vulnerable either, but it doesn't hurt to check!
    http://www.cyberciti.biz/faq/cve-2015-0 … hel-linux/

    Trilby wrote: I was about to post this in our grr thread. Archlinux had the fixed glibc version over a year and a half ago. Those who say the sky is falling really need to stop and actually look outside once in a while (not referring to this thread, but to my university's IT "professional" who sent out the dumbest email about this to the entire university acting like it was the end of the world).
    On Google+, there's a guy (who I won't name) going around promoting his article about this security vulnerability, which incidentally was written in such a way that mother said "so, all Linux devices, including Android phones, are affected, right?". Same guy seems to write articles monthly about how Linux is dying on the Desktop Computer...
    On that note, I wonder whether we need to keep this thread open before it turns into a GRR-fest.

  • Schannel and TLS 1.x padding vulnerability (CVE-2014-8730)

    Hi all,
    Is the implementation of TLS by Microsoft Secure Channel (Schannel) (http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx) affected by "CVE-2014-8730 TLS 1.x padding vulnerability"?
    Please see the following links for more details about this vulnerability:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
    https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
    Is there a confirmation from Microsoft that Schannel is not affected by this vulnerability?
    Regards,
    Sanjay

    No, Microsoft Schannel is not affected. Only F5 products are affected:
    http://www.securityfocus.com/bid/71549
    Vadims Podāns, aka PowerShell CryptoGuy
    I know some Windows 2008 systems which are affected?! Why?
