Inprise
سه شنبه 23 دی 1382, 10:15 صبح
سلام
نقطه ضعف خطرناکی از نوع Buffer Overrun در ماژولهای mod_alias و mod_rewrite وب سرور متداول و معروف Apache گزارش شده که میتونه به یک کاربر راه دور دسترسی مدیریتی به سرور وب بده . ( صحیح تر : توانائی ایجاد شده به میزان توانائی کاربری است که Apache بوسیلهء آن و با حقوق آن اجرا شده است )
وب سرور و نگارشهای دارای این نقطه ضعف :
<span dir=ltr>
Apache Software Foundation Apache 1.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 sparc
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 sparc
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
- Sun Solaris 8.0
- Sun Solaris 8.0 _x86
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0 sparc
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.11
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 3.5.1
- FreeBSD FreeBSD 4.2
- HP HP-UX 10.20
- HP HP-UX 11.0
- HP HP-UX 11.0 4
- HP HP-UX 11.11
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
- NetBSD NetBSD 1.5
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 2.9
+ OpenBSD OpenBSD 3.0
- RedHat Linux 6.2
- RedHat Linux 7.0
- RedHat Linux 7.1
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2 i386
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.8
- SGI IRIX 6.5.9
- Sun Solaris 7.0
- Sun Solaris 8.0
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.20
- HP HP-UX 11.22
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 sparc
+ SGI IRIX 6.5.12
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.18
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
+ Sun Solaris 8.0
+ Sun Solaris 8.0 _x86
+ Sun Solaris 9.0
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0 i386
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5
Apache Software Foundation Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle9i Application Server 1.0.2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 9.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.5
+ HP VirtualVault 4.6
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ RedHat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.28
+ OpenBSD OpenBSD 3.4
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 8.0
+ RedHat Linux 9.0 i386
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.42
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4 _rc1
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.44
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.6
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.46
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
SGI ProPack 2.3
Slackware Linux -current
Slackware Linux 8.1
Slackware Linux 9.0
Slackware Linux 9.1
</span>
نوع خطر : فوق العاده حساس ( Critical )
Exploit : هنوز Exploit عملیاتی برای پوشش دادن به این Vuln منتشر نشده .
راه حل : بسته به اینکه از کدام نسخه و نگارش استفاده میکنید راه حلها متفاوت هستند . برای رفع این مشکل به مجموعه توزیع کننده Apache خود بروید و حول عنوان Latest Advisory جستجو کنید .
توزیع کنندهء اصلی Apache هم در این آدرس افزونه های نرم افزاری خاصی برای حمایت از کاربران Apache منتشر کرده است :
<span dir=ltr>
Apache Software Foundation Apache 1.3:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.1:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.3:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.4:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.6:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.9:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.11:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.12:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.14:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.17:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.18:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.19:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.20:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.22:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.23:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.24:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.25:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.26:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.27:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Immunix Upgrade apache-1.3.27-1.7.1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-1.3.27-1.7.1_imnx_2.i386.rpm
Immunix Upgrade apache-devel-1.3.27-1.7.1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-devel-1.3.27-1.7.1_imnx_2.i386.rpm
Immunix Upgrade apache-manual-1.3.27-1.7.1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-manual-1.3.27-1.7.1_imnx_2.i386.rpm
Apache Software Foundation Apache 1.3.28:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 2.0:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.28:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.32:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.35:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.36:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.37:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.38:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.39:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.40:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
RedHat Patch httpd-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.9.i386.rpm
RedHat Patch httpd-devel-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.9.i386.rpm
RedHat Patch httpd-manual-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.9.i386.rpm
RedHat Patch mod_ssl-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.9.i386.rpm
RedHat Patch httpd-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.9.i386.rpm
RedHat Patch httpd-devel-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.9.i386.rpm
RedHat Patch httpd-manual-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.9.i386.rpm
RedHat Patch mod_ssl-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.9.i386.rpm
Apache Software Foundation Apache 2.0.41:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.42:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.43:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.44:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.45:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.46:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.47:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
</span>
خوش و موفق و UptoDate باشید
اینپرایز
نقطه ضعف خطرناکی از نوع Buffer Overrun در ماژولهای mod_alias و mod_rewrite وب سرور متداول و معروف Apache گزارش شده که میتونه به یک کاربر راه دور دسترسی مدیریتی به سرور وب بده . ( صحیح تر : توانائی ایجاد شده به میزان توانائی کاربری است که Apache بوسیلهء آن و با حقوق آن اجرا شده است )
وب سرور و نگارشهای دارای این نقطه ضعف :
<span dir=ltr>
Apache Software Foundation Apache 1.3
- Microsoft Windows 2000 Workstation
- Microsoft Windows NT 4.0
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 sparc
Apache Software Foundation Apache 1.3.4
+ BSDI BSD/OS 4.0
Apache Software Foundation Apache 1.3.6
+ Sun Cobalt ManageRaQ3 3000R-mr
+ Sun Cobalt RaQ3 3000R
+ Sun Cobalt Velociraptor
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 sparc
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
- Sun Solaris 8.0
- Sun Solaris 8.0 _x86
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0 sparc
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.11
Apache Software Foundation Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.19
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
+ Debian Linux 2.3
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
- Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
- Digital (Compaq) TRU64/DIGITAL UNIX 5.0
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 3.5.1
- FreeBSD FreeBSD 4.2
- HP HP-UX 10.20
- HP HP-UX 11.0
- HP HP-UX 11.0 4
- HP HP-UX 11.11
+ HP Secure OS software for Linux 1.0
- HP VirtualVault 4.5
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.1
- NetBSD NetBSD 1.5
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.8
+ OpenBSD OpenBSD 2.9
+ OpenBSD OpenBSD 3.0
- RedHat Linux 6.2
- RedHat Linux 7.0
- RedHat Linux 7.1
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2 i386
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SGI IRIX 6.5.8
- SGI IRIX 6.5.9
- Sun Solaris 7.0
- Sun Solaris 8.0
Apache Software Foundation Apache 1.3.20
- HP HP-UX 11.20
- HP HP-UX 11.22
+ MandrakeSoft Single Network Firewall 7.2
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 sparc
+ SGI IRIX 6.5.12
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.14
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.15
+ SGI IRIX 6.5.16
+ SGI IRIX 6.5.17
+ SGI IRIX 6.5.18
+ Slackware Linux 8.0
+ Sun Cobalt Control Station 4100CS
+ Sun Cobalt RaQ 550
Apache Software Foundation Apache 1.3.22
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 8.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.1
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 sparc
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 ia64
+ Sun Solaris 8.0
+ Sun Solaris 8.0 _x86
+ Sun Solaris 9.0
Apache Software Foundation Apache 1.3.23
- IBM AIX 4.3
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0 i386
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5
Apache Software Foundation Apache 1.3.24
+ OpenBSD OpenBSD 3.1
+ Oracle Oracle HTTP Server 9.0.1
+ Oracle Oracle HTTP Server 9.2 .0
+ Oracle Oracle9i Application Server 1.0.2
+ Oracle Oracle9i Application Server 1.0.2 .1s
+ Oracle Oracle9i Application Server 1.0.2 .2
+ Oracle Oracle9i Application Server 9.0.2
+ Slackware Linux 8.1
+ Unisphere Networks SDX-300 2.0.3
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.5
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.5
+ HP VirtualVault 4.6
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ RedHat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux AS 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.28
+ OpenBSD OpenBSD 3.4
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 8.0
+ RedHat Linux 9.0 i386
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.42
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4 _rc1
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.44
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
Apache Software Foundation Apache 2.0.45
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.3
- Apple Mac OS X 10.1.4
- Apple Mac OS X 10.1.5
- Apple Mac OS X 10.2
- Apple Mac OS X 10.2.1
- Apple Mac OS X 10.2.2
- Apple Mac OS X 10.2.3
- Apple Mac OS X 10.2.4
- Apple Mac OS X 10.2.5
- Apple Mac OS X 10.2.6
+ Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.46
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
SGI ProPack 2.3
Slackware Linux -current
Slackware Linux 8.1
Slackware Linux 9.0
Slackware Linux 9.1
</span>
نوع خطر : فوق العاده حساس ( Critical )
Exploit : هنوز Exploit عملیاتی برای پوشش دادن به این Vuln منتشر نشده .
راه حل : بسته به اینکه از کدام نسخه و نگارش استفاده میکنید راه حلها متفاوت هستند . برای رفع این مشکل به مجموعه توزیع کننده Apache خود بروید و حول عنوان Latest Advisory جستجو کنید .
توزیع کنندهء اصلی Apache هم در این آدرس افزونه های نرم افزاری خاصی برای حمایت از کاربران Apache منتشر کرده است :
<span dir=ltr>
Apache Software Foundation Apache 1.3:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.1:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.3:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.4:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.6:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.9:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.11:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.12:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.14:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.17:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.18:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.19:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.20:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.22:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.23:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.24:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.25:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.26:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 1.3.27:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Immunix Upgrade apache-1.3.27-1.7.1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-1.3.27-1.7.1_imnx_2.i386.rpm
Immunix Upgrade apache-devel-1.3.27-1.7.1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-devel-1.3.27-1.7.1_imnx_2.i386.rpm
Immunix Upgrade apache-manual-1.3.27-1.7.1_imnx_2.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/apache-manual-1.3.27-1.7.1_imnx_2.i386.rpm
Apache Software Foundation Apache 1.3.28:
Apache Software Foundation Upgrade apache_1.3.29.tar.gz
http://apache.mirror.secondchapter.info/httpd/apache_1.3.29.tar.gz
Apache Software Foundation Apache 2.0:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.28:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.32:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.35:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.36:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.37:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.38:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.39:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.40:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
RedHat Patch httpd-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/httpd-2.0.40-11.9.i386.rpm
RedHat Patch httpd-devel-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/httpd-devel-2.0.40-11.9.i386.rpm
RedHat Patch httpd-manual-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/httpd-manual-2.0.40-11.9.i386.rpm
RedHat Patch mod_ssl-2.0.40-11.9.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/mod_ssl-2.0.40-11.9.i386.rpm
RedHat Patch httpd-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/httpd-2.0.40-21.9.i386.rpm
RedHat Patch httpd-devel-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/httpd-devel-2.0.40-21.9.i386.rpm
RedHat Patch httpd-manual-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/httpd-manual-2.0.40-21.9.i386.rpm
RedHat Patch mod_ssl-2.0.40-21.9.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/mod_ssl-2.0.40-21.9.i386.rpm
Apache Software Foundation Apache 2.0.41:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.42:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.43:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.44:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.45:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.46:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
Apache Software Foundation Apache 2.0.47:
Apache Software Foundation Upgrade httpd-2.0.48.tar.gz
http://apache.sunsite.ualberta.ca/httpd/httpd-2.0.48.tar.gz
</span>
خوش و موفق و UptoDate باشید
اینپرایز