Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apache :: hack0182.htm

Apache - error could allow protected pages to be viewed without requiring authentication



TSLSA-2004-0049 - apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0049

Package name:      apache
Summary:           authentication bypass
Date:              2004-09-23
Affected versions: Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.


Problem description:
  An error with the merging of the Satisfy directive in apache 2.0.51 could
  allow protected pages to be viewed without requiring authentication.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0811 to this issue.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
   
   


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
   


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
   

  The advisory itself is available from the errata pages at
   and 
   
  or directly at
   


MD5sums of the packages:
- --------------------------------------------------------------------------
392f114b84556c4cbaeb5beda3020fc4  2.0/rpms/apache-2.0.51-0.2tr.i586.rpm
f1e7c48e8a2f478579f74e4592d9cb12  2.0/rpms/apache-devel-2.0.51-0.2tr.i586.rpm
4877783d9c9bd4ee8950a2062dd896dc  2.0/rpms/apache-manual-2.0.51-0.2tr.i586.rpm

71ec09e634bfe5e384e480775b52c60e  2.1/rpms/apache-2.0.51-2tr.i586.rpm
4eba9c306a8199dd5db61a7965763feb  2.1/rpms/apache-dbm-2.0.51-2tr.i586.rpm
8fb2b4c69ec7b5a748e6b65b3c74c81a  2.1/rpms/apache-devel-2.0.51-2tr.i586.rpm
5367c5b99520b10af9362b4fb97ec90f  2.1/rpms/apache-manual-2.0.51-2tr.i586.rpm

d11c89fe15f044bc0a01d62b6866401c  e-2/apache-2.0.51-2tr.i586.rpm
94455cc43cbb38f98d23c2a1a97ec2a7  e-2/apache-dbm-2.0.51-2tr.i586.rpm
34adefed998ef4be116f46366889de0e  e-2/apache-devel-2.0.51-2tr.i586.rpm
8ca73789cde55011eb89bab7b5100709  e-2/apache-manual-2.0.51-2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBUtnEi8CEzsK9IksRAvdXAKC0lcZ2BaKcGnS/eibd3KF4LJ0USwCffc8M
HW/K9gowB9NPRhsCyHiTbIk=
=yQ9B
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH