cve-cve 2015 2545-3825怎么解决

来源:蜘蛛抓取(WebSpider) 时间:2016-03-22 04:09 标签: cve 2015 4852
CVE-漏洞详情 - SCAP中文社区
CVE&&通用漏洞与披露Common Vulnerabilities and Exposures
发布时间&: 14:41:00
修订时间&: 11:44:26
[原文]The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
[CNNVD]Apache mod_proxy_http模块 的ap_proxy_http_process_response()函数拒绝服务漏洞()&&&&&&&&Apache HTTP Server是一款流行的Web服务器。
&&&&&&&&Apache的mod_proxy_http模块中的ap_proxy_http_process_response()函数没有正确地转发中间响应,如果mod_proxy受骗向客户端发送了大量的中间响应的话,就会耗尽大量内存资源。
&&&&&&&&
CVSS (基础分值)
[中等(MEDIUM)]
机密性影响:
[对系统的机密性无影响]
完整性影响:
[不会对系统完整性产生影响]
可用性影响:
[可能会导致性能下降或中断资源访问]
攻击复杂度:
[漏洞利用没有访问限制 ]
[攻击者不需要获取内网访问权或本地访问权]
[漏洞利用无需身份认证]
CWE (弱点类目)
[资源管理错误]
CPE (受影响的平台与产品)
cpe:/a:apache:http_server:2.2.8Apache Software Foundation Apache HTTP Server 2.2.8cpe:/a:apache:http_server:2.0.63Apache Software Foundation Apache HTTP Server 2.0.63
OVAL (用于检测的技术细节)
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not ...HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)Apache 'mod_proxy_http' Interim Response Denial of Service VulnerabilityELSA-: httpd security and bug fix update (Moderate)*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。
官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD
其它链接及资源
(PATCH) &BID &29653
(UNKNOWN) &FEDORA &FEDORA-
(UNKNOWN) &FEDORA &FEDORA-
(UNKNOWN) &XF &apache-modproxy-module-dos(42987)
(UNKNOWN) &VUPEN &ADV-
(UNKNOWN) &VUPEN &ADV-
(UNKNOWN) &VUPEN &ADV-
(UNKNOWN) &UBUNTU &USN-731-1
(UNKNOWN) &SECTRACK &1020267
(UNKNOWN) &BID &31681
(UNKNOWN) &BUGTRAQ & rPSA- httpd mod_ssl
(UNKNOWN) &BUGTRAQ & rPSA- httpd mod_ssl
(UNKNOWN) &REDHAT &RHSA-
(UNKNOWN) &CONFIRM &/technetwork/topics/security/cpujuly.html
(UNKNOWN) &MANDRIVA &MDVSA-
(UNKNOWN) &MANDRIVA &MDVSA-
(UNKNOWN) &AIXAPAR &PK67579
(UNKNOWN) &CONFIRM &http://www-/support/docview.wss?uid=swg
(UNKNOWN) &CONFIRM &/wiki/Advisories:rPSA-
(UNKNOWN) &CONFIRM &http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1==666153&pathrev=666154
(UNKNOWN) &CONFIRM &/kb/HT3216
(UNKNOWN) &SUNALERT &247666
(UNKNOWN) &GENTOO &GLSA-
(UNKNOWN) &SECUNIA &34418
(UNKNOWN) &SECUNIA &34259
(UNKNOWN) &SECUNIA &34219
(UNKNOWN) &SECUNIA &33797
(UNKNOWN) &SECUNIA &33156
(UNKNOWN) &SECUNIA &32838
(UNKNOWN) &SECUNIA &32685
(UNKNOWN) &SECUNIA &32222
(UNKNOWN) &SECUNIA &31904
(UNKNOWN) &SECUNIA &31651
(UNKNOWN) &SECUNIA &31416
(UNKNOWN) &SECUNIA &31404
(UNKNOWN) &SECUNIA &31026
(VENDOR_ADVISORY) &SECUNIA &30621
(UNKNOWN) &REDHAT &RHSA-
(UNKNOWN) &HP &HPSBUX02465
(UNKNOWN) &HP &SSRT090192
(UNKNOWN) &HP &SSRT090005
(UNKNOWN) &HP &HPSBUX02401
(UNKNOWN) &SUSE &SUSE-SR:
(UNKNOWN) &SUSE &SUSE-SR:
(UNKNOWN) &APPLE &APPLE-SA-
(UNKNOWN) &HP &HPSBUX02365
(UNKNOWN) &HP &SSRT080118
公告与补丁
&&&&&&&&目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
&&&&&&&&
漏洞信息 (F89987)
漏洞信息 (F82164)
漏洞信息 (F75604)
漏洞信息 (F74633)
漏洞信息 (F72628)
漏洞信息 (F69969)
漏洞信息 (F69466)
漏洞信息 (F68082)
Unknown or Incomplete
受影响的程序版本
不受影响的程序版本
关于SCAP中文社区
SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[。
CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在。CVE-漏洞详情 - SCAP中文社区
CVE&&通用漏洞与披露Common Vulnerabilities and Exposures
发布时间&: 18:59:00
修订时间&: 18:59:00
[原文]** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-. Reason: This candidate is a reservation duplicate of CVE-. Notes: All CVE users should reference CVE- instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
[CNNVD]CNNVD数据暂缺。
[机译]帮助我们改进 Google 翻译
CVSS (基础分值)
CVSS暂不可用
CPE (受影响的平台与产品)
产品及版本信息(CPE)暂不可用
OVAL (用于检测的技术细节)
未找到相关OVAL定义
官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
其它链接及资源
关于SCAP中文社区
SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[。
CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在。

我要回帖

更多关于 cve 2015 4852 的文章

 

随机推荐