Topic: Apache updates/vulns  (Read 234 times)
« on: July 21, 2014, 06:31:26 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8295



FYI...

Apache 2.4.10 released
- https://secunia.com/advisories/60170/
Release Date: 2014-07-21
Criticality: Moderately Critical
Where: From remote
Impact: DoS
Solution Status: Vendor Workaround
Software: Apache HTTP Server 2.4.x
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118 - 4.3
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226 - 6.8
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231 - 5.0
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3523 - 5.0
... vulnerabilities are reported in versions 2.4.9 and prior...
Original Advisory: Apache:
- https://httpd.apache.org/security/vulnerabilities_24.html
"... security vulnerabilities fixed in released versions of Apache httpd 2.4..."

> https://httpd.apache.org/download.cgi#apache24
Stable Release - Latest Version: 2.4.10 (released 2014-07-21)

ZDI: http://zerodayinitiative.com/advisories/ZDI-14-239/

- http://news.netcraft.com/archives/2014/06/06/june-2014-web-server-survey.html
___

- http://www.securitytracker.com/id/1030615
CVE Reference: CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-3523
July 21 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.4.10 ...

« Last Edit: July 24, 2014, 03:43:14 by AplusWebMaster »

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: August 20, 2014, 06:31:01 »
AplusWebMaster Offline

FYI...

Apache OFBiz 12.04.04 released
- http://www.securitytracker.com/id/1030739
CVE-2014-0232
Aug 19 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes 
Version(s): 12.04.* prior to 12.04.04, 11.04.* prior to 12.04.04 ...

> https://ofbiz.apache.org/download.html

« Reply #2 on: August 28, 2014, 08:27:18 »
AplusWebMaster Offline

FYI...

Apache HttpComponents client updated
- https://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577
18 Aug 2014 - "Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
Background: During an SSL connection (https) the client verifies the hostname in the URL against the hostname as encoded in the servers certificate (CN, subjectAlt fields). This is to ensure that the client connects to the 'real' server, as opposed to something in middle (man in the middle) that may compromise end to end confidentiality and integrity..."

> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577 - 5.8
Last revised: 08/21/2014

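The hostname check described in the advisory background quoted in the post above, as an added example that is not part of the original post and is not HttpComponents code: it matches a host against the certificate's subjectAlt DNS names, falling back to CN, using the parsed certificate structure in the shape Python's `ssl.SSLSocket.getpeercert()` returns. The function names and the sample certificates are constructed for illustration.

```python
# Added illustration; cert dicts use the shape returned by ssl.SSLSocket.getpeercert().

def _label_match(pattern: str, host: str) -> bool:
    """Match one certificate name against the host; '*' may only be the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in p_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two literal labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def cert_names(cert: dict) -> list:
    """Names to check: dNSName SAN entries; commonName only when there are none."""
    sans = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    # The subject is a sequence of RDNs, each a tuple of (attribute type, value) pairs.
    # Only attributes whose *type* is commonName are used; values of other
    # attributes are never scanned for hostnames.
    return [v for rdn in cert.get("subject", ()) for (attr, v) in rdn if attr == "commonName"]


def hostname_matches(cert: dict, host: str) -> bool:
    """True when any name the certificate asserts covers the requested host."""
    return any(_label_match(name, host) for name in cert_names(cert))


# Constructed sample certificates (not taken from any real server).
SAN_CERT = {
    "subject": ((("commonName", "old.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.api.example.org")),
}
CN_ONLY_CERT = {"subject": ((("organizationName", "shop.example.net"),),
                            (("commonName", "mail.example.net"),))}

if __name__ == "__main__":
    for cert, host in [(SAN_CERT, "www.example.org"), (SAN_CERT, "v1.api.example.org"),
                       (SAN_CERT, "old.example.org"), (CN_ONLY_CERT, "mail.example.net"),
                       (CN_ONLY_CERT, "shop.example.net")]:
        print(host, "->", hostname_matches(cert, host))
```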
 