Vulnerability Details

Apache mod_proxy_balancer Module Cross-Site Request Forgery Vulnerability

  • CNNVD ID: CNNVD-200801-177
  • Severity: Medium
  • CVE ID: CVE-2007-6420
  • Vulnerability type: Cross-site request forgery
  • Published: 2007-05-16
  • Threat type: Remote
  • Updated: 2009-03-20
  • Vendor: apache
  • Vulnerability source: Luigi Auriemma※ al...

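Vulnerability Summary

A cross-site request forgery vulnerability exists in the mod_proxy_balancer module of Server version 2.2.7 and all earlier 2.2.x versions. When running on Windows systems, it allows remote attackers to gain privileges via a long, unspecified vector.

Vulnerability Advisory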

The vendor has released upgrade patches to fix this security issue (Ubuntu apache2 package updates for Ubuntu Linux 6.06 LTS, 7.10 and 8.04 LTS).

References

  • Source: BID; Name: 27236; Link: http://www.securityfocus.com/bid/27236
  • Source: BUGTRAQ; Name: 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability; Link: http://www.securityfocus.com/archive/1/archive/1/486169/100/0/threaded
  • Source: UBUNTU; Name: USN-731-1; Link: http://www.ubuntu.com/usn/USN-731-1
  • Source: BID; Name: 31681; Link: http://www.securityfocus.com/bid/31681
  • Source: BUGTRAQ; Name: 20080729 rPSA-2008-0236-1 httpd mod_ssl; Link: http://www.securityfocus.com/archive/1/archive/1/494858/100/0/threaded
  • Source: REDHAT; Name: RHSA-2008:0966; Link: http://www.redhat.com/support/errata/RHSA-2008-0966.html
  • Source: VUPEN; Name: ADV-2009-0320; Link: http://www.frsirt.com/english/advisories/2009/0320
  • Source: VUPEN; Name: ADV-2008-2780; Link: http://www.frsirt.com/english/advisories/2008/2780
  • Source: support.apple.com; Link: http://support.apple.com/kb/HT3216
  • Source: GENTOO; Name: GLSA-200807-06; Link: http://security.gentoo.org/glsa/glsa-200807-06.xml
  • Source: SECUNIA; Name: 34219; Link: http://secunia.com/advisories/34219
  • Source: SECUNIA; Name: 33797; Link: http://secunia.com/advisories/33797
  • Source: SECUNIA; Name: 32222; Link: http://secunia.com/advisories/32222
  • Source: SECUNIA; Name: 31026; Link: http://secunia.com/advisories/31026
  • Source: HP; Name: SSRT090005; Link: http://marc.info/?l=bugtraq&m=123376588623823&w=2
  • Source: SUSE; Name: SUSE-SR:2008:024; Link: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
  • Source: APPLE; Name: APPLE-SA-2008-10-09; Link: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
  • Source: SREASON; Name: 3523; Link: http://securityreason.com/securityalert/3523
  • Source: NSFOCUS; Name: 11351※11626※11841※11967※11937※11869※12026※12103※12206※12207※1224; Link: http://www.nsfocus.net/vulndb/11351※11626※11841※11967※11937※11869※12026※12103※12206※12207※1224

Patches

    None available
