Gentoo Linux: CVE-2008-1678: Apache: Denial of Service
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | July 10, 2008 | October 30, 2017 | October 30, 2017 |
Description
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
gentoo-linux-upgrade-www-servers-apacheRelated Vulnerabilities
- OS X security update 2008-007 for Networking (CVE-2008-3645)
- HP-UX: CVE-2008-2364: Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
- Cent OS: CVE-2008-2712: CESA-2008:0580 (vim)
- SUSE Linux Security Vulnerability: CVE-2008-1389
- RHSA-2008:0967: httpd security and bug fix update
- Cent OS: CVE-2008-1232: CESA-2008:0648 (tomcat)
- OS X security update 2010-002 for vim (CVE-2008-2712)
- SUSE Linux Security Advisory: SUSE-SR:2009:002
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-6286)
- CESA-2008:0042: tomcat security update
- FreeBSD: mysql -- privilege escalation and overwrite of the system table information (CVE-2007-5969)
- FreeBSD: vim -- Vim Shell Command Injection Vulnerabilities (CVE-2008-2712)
- OS X security update 2008-007 for libxslt (CVE-2008-1767)
- USN-624-2: Erlang vulnerability
- Gentoo Linux: CVE-2007-5969: MySQL: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2008-2370
- OS X update for PHP (CVE-2008-2371)
- USN-628-1: PHP vulnerabilities
- OS X security update 2008-007 for MySQL Server (CVE-2008-2079)
- ELSA-2008-0617 Moderate: Enterprise Linux vim security update
- Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
- Apache Tomcat Cookie Handling Session ID Disclosure Vulnerability (CVE-2007-5333)
- OS X security update 2008-007 for ClamAV (CVE-2008-3914)
- Apache Tomcat: Low: Session hi-jacking (CVE-2007-5333)
- Gentoo Linux: CVE-2008-3913: ClamAV: Multiple Denials of Service
- RHSA-2010:0602: Red Hat Certificate System 7.3 security update
- RHSA-2009:1454: tomcat5 security update
- SUSE Linux Security Advisory: SUSE-SR:2008:003
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1232)
- Apache Tomcat Host Manager Cross-Site Scripting Vulnerability
- Cent OS: CVE-2008-2370: CESA-2008:0648 (tomcat)
- Cent OS: CVE-2008-3432: CESA-2008:0617 (vim)
- SUSE Linux Security Advisory: SUSE-SR:2008:013
- FreeBSD: cups -- multiple vulnerabilities (Multiple CVEs)
- RHSA-2008:0937: cups security update
- RHSA-2008:0580: vim security update
- SUSE Linux Security Vulnerability: CVE-2008-3913
- RHSA-2008:0862: tomcat security update
- RHSA-2007:1155: mysql security update
- SUSE Linux Security Advisory: SUSE-SR:2008:005
- ELSA-2007-1155 Important: Enterprise Linux mysql security update
- MySQL DATA DIRECTORY and INDEX DIRECTORY symlink system table overwrite
- FreeBSD: mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths (Multiple CVEs)
- Sun Patch: SunOS 5.9: Apache Security Patch
- OS X security update 2008-007 for Tomcat (CVE-2008-0002)
- OpenSSL CRYPTO_cleanup_all_ex_data denial of service (CVE-2008-1678)
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-1947)
- SUSE Linux Security Vulnerability: CVE-2008-2371
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5342)
- OS X security update 2008-005 for PHP (CVE-2007-4850)
- FreeBSD: pcre -- buffer overflow vulnerability (CVE-2008-0674)
- USN-671-1: MySQL vulnerabilities
- FreeBSD: apache -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2008-2079: MySQL: Privilege bypass
- OS X security update 2008-007 for MySQL Server (CVE-2007-5969)
- ELSA-2008-0287 Important: Enterprise Linux libxslt security update
- RHSA-2009:1164: tomcat security update
- SUSE Linux Security Vulnerability: CVE-2008-2364
- FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)
- CESA-2007:1155: RHSA-2007:1155
- ELSA-2008-0937 Important: Enterprise Linux cups security update
- VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-2370)
- OS X security update 2008-007 for Tomcat (CVE-2008-2938)
- RHSA-2008:0151: JBoss Enterprise Application Platform 4.2.0CP02 security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-2370)
- Apache Tomcat Exception Handling Information Disclosure Vulnerability
- Sun Patch: SunOS 5.9_x86: Apache Security Patch
- Cent OS: CVE-2008-2938: CESA-2008:0648 (tomcat)
- Gentoo Linux: CVE-2008-0002: Tomcat: Multiple vulnerabilities
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2008-0002)
- PHP Multiple Vulnerabilities Fixed in version 4.4.9
- SUSE Linux Security Vulnerability: CVE-2008-1232
- Gentoo Linux: CVE-2008-1389: ClamAV: Multiple Denials of Service
- VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5342)
- Sun Patch: SunOS 5.10: Apache 1.3 Patch
- OS X security update 2008-007 for Apache (CVE-2008-1678)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5461)
- OS X security update 2008-005 for PHP (CVE-2008-0674)
- SUSE Linux Security Advisory: SUSE-SR:2008:017
- VMSA-2009-0002: Update for VirtualCenter and ESX patch update Apache Tomcat version to 5.5.27 (CVE-2008-1232)
- USN-588-1: MySQL vulnerabilities
- USN-581-1: PCRE vulnerability
- RHSA-2009:1563: tomcat security update
- FreeBSD: clamav -- CHM Processing Denial of Service (CVE-2008-1389)
- SUSE Linux Security Vulnerability: CVE-2007-6286
- VMSA-2008-0010.3: Tomcat Server Security Update (CVE-2007-5333)
- VMSA-2009-0004.3: Updated vim package (CVE-2008-4101)
- PHP Vulnerability: CVE-2007-4850
- Cent OS: CVE-2008-4101: CESA-2008:0580 (vim)
- VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-5333)
- Gentoo Linux: CVE-2007-6420: Apache: Denial of Service
- RHSA-2008:0877: jbossweb security update
- Apache Tomcat JULI Logging Component Security Bypass
- RHSA-2008:0618: vim security update
- Gentoo Linux: CVE-2007-5461: Tomcat: Multiple vulnerabilities
- RHSA-2008:0617: vim security update
- Apache Tomcat: Low: Cross-site scripting (CVE-2008-1947)
- SUSE Linux Security Vulnerability: CVE-2008-1947
- Sun Patch: SunOS 5.10: Apache 2 Patch