News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
July 29, 2014, 10:49:08
Pages: [1]   Go Down
  Print  
Topic: Apache updates/vulns  (Read 40 times)
0 Members and 1 Guest are viewing this topic.
« on: July 21, 2014, 06:31:26 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8174



FYI...

Apache 2.4.10 released
- https://secunia.com/advisories/60170/
Release Date: 2014-07-21
Criticality: Moderately Critical
Where: From remote
Impact: DoS
Solution Status: Vendor Workaround
Software: Apache HTTP Server 2.4.x
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226 - 6.8
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3523 - 5.0
... vulnerabilities are reported in versions 2.4.9 and prior...
Original Advisory: Apache:
- https://httpd.apache.org/security/vulnerabilities_24.html
"... security vulnerabilities fixed in released versions of Apache httpd 2.4..."

> https://httpd.apache.org/download.cgi#apache24
Stable Release - Latest Version: 2.4.10 (released 2014-07-21)

ZDI: http://zerodayinitiative.com/advisories/ZDI-14-239/

- http://news.netcraft.com/archives/2014/06/06/june-2014-web-server-survey.html
___

- http://www.securitytracker.com/id/1030615
CVE Reference: CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-3523
July 21 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.4.10 ...

 Exclamation
« Last Edit: July 24, 2014, 03:43:14 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Page created in 0.619 seconds with 19 queries.