Oval Definition:	oval:org.mitre.oval:tst:38358
Comment: httpd is earlier than 0:2.2.3-22.el5_3.1 Type: rpminfo_test Namespace: linux Check_Existence: at_least_one_exists Check: at least one State Operator: AND References Object: oval:org.mitre.oval:obj:14173 State: oval:org.mitre.oval:ste:10943 Referencing Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:9754 V Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm. 2013-04-29 oval:org.mitre.oval:def:11094 V The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. 2013-04-29
BACK