[Openvas-discuss] openvas scanner
kaushalshriyan at gmail.com
Mon Sep 13 15:38:55 CEST 2010
Can someone please suggest me whats causing this issue, I see it on
gnutls_x509_privkey_import_pkcs8: Decryption has failed. (-24)"
Thanks and Regards
On Mon, Sep 13, 2010 at 11:26 AM, Kaushal Shriyan
<kaushalshriyan at gmail.com> wrote:
> I have ran openvas scanner on one of the client host. The report
> suggests Apache versions prior to 2.2.15-dev are affected. I had a
> word with Ubuntu Security Team, "Your OpenVAS scan is a false alert,
> as it's relying on the version number" Please suggest/guide.
> Thanks and Regards
> Apache is prone to multiple vulnerabilities.
> These issues may lead to information disclosure or other attacks.
> Apache versions prior to 2.2.15-dev are affected.
> These issues have been addressed in Apache 2.2.15-dev. Apache 2.2.15
> including fixes will become available in the future as well. Please
> see the references for more information.
> Risk factor : Medium
> CVE : CVE-2010-0425, CVE-2010-0434, CVE-2010-0408
> BID : 38494, 38491
> OID : 220.127.116.11.4.1.25618.104.22.168514
> Apache HTTP Server is prone to multiple remote denial-of-service
> An attacker can exploit these issues to deny service to
> legitimate users.
> Versions prior to Apache 2.2.16 are vulnerable.
> These issues have been fixed in Apache 2.2.16. Please see the
> references for more information.
> CVE : CVE-2010-1452
> BID : 41963
> OID : 22.214.171.124.4.1.256126.96.36.199725
> This host is running Apache HTTP Server and is prone to Denial of Service
> Vulnerability Insight:
> The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c'
> in the mod_proxy module. When a reverse proxy is configured, it does
> not properly
> handle an amount of streamed data that exceeds the Content-Length value via
> crafted requests.
> Successful exploitation will allow remote attackers to cause Denial of Service
> to the legitimate user by CPU consumption.
> Impact Level: Application
> Affected Software/OS:
> Apache HTTP Server version prior to 2.3.3
> Fixed in the SVN repository.
> CVSS Score:
> CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
> CVSS Temporal Score : 3.7
> Risk factor : Medium
> CVE : CVE-2009-1890
> BID : 35565
> OID : 188.8.131.52.4.1.256184.108.40.2060827
More information about the Openvas-discuss