Vulnerability Remediation Synopsis Version 0.4Russ Klanke Page 1
Total Page:16
File Type:pdf, Size:1020Kb
Contents Qualys as a mitigation recommendation tool (Knowledge Base) ........................................................... 21 Adobe Flash Vulnerabilities .................................................................................................................... 23 Adobe Flash Player Multiple Vulnerabilities (QID 116536) ................................................................ 23 Adobe Reader Vulnerabilities ................................................................................................................. 24 Adobe Acrobat/Reader "util.printf()" Buffer Overflow Vulnerability (QID 116027)........................... 24 Sun Solaris Adobe Reader Multiple Vulnerabilities (QID 116386) ...................................................... 24 Sun Solaris Adobe Reader Multiple Vulnerabilities (QID 116437) ...................................................... 25 Apache Vulnerabilities ............................................................................................................................ 27 Discovery of Unix Account Names Vulnerability (QID 5001) .............................................................. 27 "test-cgi" CGI Vulnerability (QID 10015) ............................................................................................. 27 Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities (QID 12260) ................................. 28 Apache Axis2/Java "modules" Cross-Site Scripting (XSS) Vulnerability (QID 12370).......................... 29 Apache Axis2 Default Administrative Access (QID 12499) ................................................................. 29 Apache HTTP Server APR "apr_fnmatch()" Denial of Service Vulnerability (QID 12500) ................... 30 Apache HTTP Server Mod_Proxy Denial of Service Vulnerability (QID 62057) .................................. 30 Apache CGI Source Code Viewing Vulnerability (QID 86054) ............................................................. 31 Apache Webserver /server-status Information Disclosure Vulnerability (QID 86410) ...................... 31 Apache 2.x HTTP Server Linefeed Memory Allocation Denial of Service Vulnerability (QID 86482) . 32 Apache 2.x Web Server File Descriptor Leakage Vulnerability (QID 86483) ....................................... 32 Apache Basic Authentication Module Valid User Login Denial of Service Vulnerability (QID 86532) 33 Miscellaneous Apache Vulnerabilities (2.0.46 and earlier) (QID 86562) ............................................ 33 Apache HTTP Server Buffer Overflow Vulnerabilities In mod_alias And mod_rewrite (QID 86600) . 34 Apache2 MOD_CGI STDERR Denial of Service Vulnerability (QID 86636) .......................................... 34 Apache Web Server Type-Map Recursive Loop Denial of Service Vulnerability (QID 86637) ............ 35 Apache 2.0.49 And Earlier Miscellaneous Vulnerabilities (QID 86643) .............................................. 35 Multiple Apache Web Server Vulnerabilities prior to version 2.0.51 (QID 86678) ............................. 36 Multiple Apache 1.3.32 and Earlier Web Server Local Buffer Overflow Vulnerabilities (QID 86680) 36 Apache 2.0.35-2.0.52 Memory Consumption Denial of Service and mod_ssl SSLCipherSuite Bypass (QID 86683) ......................................................................................................................................... 37 Apache CGI Byterange Request Denial of Service Vulnerability (QID 86713) .................................... 37 Vulnerability Remediation Synopsis version 0.4Russ Klanke Page 1 Apache Tomcat Simultaneous Directory Listing Denial of Service Vulnerability (QID 86724) ........... 38 Apache MPM Worker.C Denial of Service Vulnerability (QID 86726) ................................................ 39 Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability (QID 86727) ...................................... 40 Apache Web Server fails to sanitize Escape Sequence Injection into its Access Logs (QID 86744) .... 41 Apache Web Server fails to sanitize Escape Sequence Injection into its Error Logs (QID 86745) ...... 41 Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability (QID 86746) ................................. 42 Apache Tomcat JK Web Server Connector Security Bypass Vulnerability (QID 86764) ...................... 42 Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting (XSS) Weakness (QID 86771) ................................................................................................................................................. 43 Apache mod_ssl Denial of Service Vulnerability (QID 86773) ............................................................ 44 Apache Tomcat Information Disclosure Vulnerability (QID 86775).................................................... 44 Apache Tomcat Absolute Path Traversal Vulnerability (QID 86776) .................................................. 45 Apache Tomcat Accept-Language Cross-Site Scripting (XSS) Vulnerability (QID 86777) .................... 46 Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability (QID 86779) ................ 47 Apache Tomcat 4, 5 and 6 Examples Web Application Multiple Cross-Site Scripting (XSS) Vulnerabilities (QID 86781) ................................................................................................................. 47 Apache Tomcat Multiple Cross-Site Scripting (XSS) Vulnerabilities in Manager and Host Manager Web Applications (QID 86782) ............................................................................................................ 48 Apache Tomcat 4.1 Cross-Site Scripting (XSS) Vulnerability (QID 86783) .......................................... 49 Apache Tomcat 4 and 5 Cross-Site Scripting (XSS) Vulnerability in Calendar Application in JSP Examples (QID 86785) ......................................................................................................................... 49 Apache Tomcat Servlet Host Manager Servlet Cross-Site Scripting (XSS) Vulnerability (QID 86786) 50 Apache 2.2 Multiple Vulnerabilities (QID 86788) ............................................................................... 51 Apache Tomcat Multiple Content Length Headers Information Disclosure Vulnerability (QID 86789) ............................................................................................................................................................ 52 Apache Tomcat 4 Denial of Service Vulnerability (QID 86790) ........................................................... 52 Apache Tomcat 4 Information Disclosure Vulnerability (QID 86791) ................................................. 52 Apache Tomcat 6 Information Disclosure Vulnerability (QID 86792) ................................................. 53 Apache Tomcat Session Hi-jacking Vulnerability (QID 86794) ............................................................ 53 Apache mod_ssl Certificate Revocation List Off-By-One Buffer Overflow Vulnerability (QID 86801) 54 Apache Tomcat 5 and 6 Host Manager Web Application Cross-Site Scripting (XSS) Vulnerability (QID 86803) ................................................................................................................................................. 54 Apache Tomcat 4, 5 and 6 Multiple Vulnerabilities (QID 86804) ....................................................... 55 Vulnerability Remediation Synopsis version 0.4Russ Klanke Page 2 Apache Tomcat RequestDispatcher Information Disclosure Vulnerability (QID 86808) .................... 56 Apache 1.3, 2.0 and 2.2 HTTP Server Multiple Vulnerabilities (QID 86809) ....................................... 57 Apache 2.0 HTTP Server PCRE Integer Overflow Vulnerability (QID 86812) ...................................... 58 Apache 2.0 HTTP Server mod_ssl Stack Buffer Overflow Vulnerability (QID 86814) ......................... 58 Apache HTTP Server Expect Header Cross-Site Scripting (XSS) (QID 86821) ...................................... 59 Apache Tomcat "RemoteFilterValve" Security Bypass Vulnerability (QID 86823) ............................. 60 Apache HTTP Server AllowOverride Options Security Bypass (QID 86840) ........................................ 60 Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability (QID 86842) ..... 61 Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day (QID 86847) ...................... 62 Apache Tomcat Multiple Vulnerabilities (QID 86851) ........................................................................ 63 APR-util Library Integer Overflow Vulnerabilities (QID 86852) .......................................................... 64 Apache mod_proxy_ftp FTP Command Injection Vulnerability (QID 86855) ..................................... 65 Apache Tomcat Installer Insecure Password Vulnerability (QID 86857) ............................................ 66 Apache Tomcat Directory Traversal Weaknesses and Security Issue (QID 86865) ............................ 66 Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability (QID 86868)......... 68 Apache HTTP Server Prior to 2.2.15 Multiple Vulnerabilities (QID 86873)......................................... 68 Apache httpd "mod_proxy_http" Timeout Handling Information Disclosure Vulnerability (QID 86901) ................................................................................................................................................. 69 Apache HTTP Server 2.2.15 mod_cache and mod_dav Undisclosed DoS Vulnerability