Vulnerability Name:

CVE-2007-4465 (CCN-36586)

Assigned:2007-09-13
Published:2007-09-13
Updated:2018-10-30
Summary:Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset.
Note: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Sep 12 2007 - 15:04:18 CDT
Apache2 Undefined Charset UTF-7 XSS Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=186219

Source: MITRE
Type: CNA
CVE-2007-4465

Source: CCN
Type: HP Security Bulletin HPSBUX02431 SSRT090085 rev.1
HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Execution of Arbitrary Code

Source: CCN
Type: HP Security Bulletin HPSBUX02365 SSRT080118 rev.1
HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)

Source: HP
Type: UNKNOWN
HPSBUX02365

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-05-28

Source: HP
Type: UNKNOWN
SSRT090085

Source: HP
Type: UNKNOWN
HPSBUX02465

Source: CCN
Type: RHSA-2007-0911
Moderate: httpd security update

Source: CCN
Type: RHSA-2008-0004
Moderate: apache security update

Source: CCN
Type: RHSA-2008-0005
Moderate: httpd security update

Source: CCN
Type: RHSA-2008-0006
Moderate: httpd security update

Source: CCN
Type: RHSA-2008-0008
Moderate: httpd security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0523
Low: Red Hat Network Proxy Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2010-0602
Moderate: Red Hat Certificate System 7.3 security update

Source: SECUNIA
Type: UNKNOWN
26842

Source: SECUNIA
Type: UNKNOWN
26952

Source: SECUNIA
Type: UNKNOWN
27563

Source: SECUNIA
Type: UNKNOWN
27732

Source: CCN
Type: SA28082
Hitachi Web Server Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28467

Source: SECUNIA
Type: UNKNOWN
28471

Source: CCN
Type: SA28607
Avaya Products httpd Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28607

Source: SECUNIA
Type: UNKNOWN
28749

Source: CCN
Type: SA30430
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
30430

Source: SECUNIA
Type: UNKNOWN
31651

Source: CCN
Type: SA33105
Fujitsu Interstage HTTP Server Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33105

Source: CCN
Type: SA35650
HP-UX Apache Web Server Suite Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
35650

Source: GENTOO
Type: UNKNOWN
GLSA-200711-06

Source: SREASONRES
Type: UNKNOWN
20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability

Source: SREASON
Type: UNKNOWN
3113

Source: CCN
Type: SECTRACK ID: 1019194
Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1019194

Source: CCN
Type: Apple Web site
About the security content of Security Update 2008-003 / Mac OS X 10.5.3

Source: CCN
Type: ASA-2008-026
httpd security update (RHSA-2008-0005)

Source: CCN
Type: ASA-2008-027
httpd security update (RHSA-2008-0007)

Source: CCN
Type: ASA-2008-031
Apache security update (RHSA-2008-0004)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm

Source: CCN
Type: ASA-2008-032
httpd security update (RHSA-2008-0006)

Source: CCN
Type: ASA-2009-255
HPSBUX02431 SSRT090085 rev.1 - HP-UX Running Apache Web Server SuiteRemote Denial of Service (DoS) Execution of Arbitrary Code

Source: CCN
Type: Apache Web site
Welcome! - The Apache Software Foundation

Source: CONFIRM
Type: UNKNOWN
http://www.apache.org/dist/httpd/CHANGES_2.2.6

Source: CCN
Type: FUJITSU Web site
Interstage HTTP Server: Cross-site Scripting Problem (CVE-2007-4465/ CVE-2007-6203).

Source: CONFIRM
Type: UNKNOWN
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html

Source: CCN
Type: GLSA-200711-06
Apache: Multiple vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS07-041
Cross-Site Scripting Vulnerability When Using the DirectoryIndex function in Hitachi Web Server

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:014

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:061

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2214

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0911

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0004

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0005

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0006

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0008

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261

Source: BUGTRAQ
Type: UNKNOWN
20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability

Source: BID
Type: Patch
25653

Source: CCN
Type: BID-25653
Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability

Source: CCN
Type: TLSA-2008-5
Cross-site scripting (XSS) vulnerabilities

Source: CCN
Type: USN-575-1
Apache vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-575-1

Source: CERT
Type: US Government Resource
TA08-150A

Source: VUPEN
Type: UNKNOWN
ADV-2008-1697

Source: XF
Type: UNKNOWN
apache-utf7-xss(36586)

Source: XF
Type: UNKNOWN
apache-utf7-xss(36586)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10929

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6089

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-707

Source: SUSE
Type: SUSE-SA:2007:061
Apache2 security issues

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:-:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.56:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.61:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.56:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:fujitsu:interstage_application_server_plus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:fujitsu:interstage_application_server_plus:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:fujitsu:interstage_apworks_modelers_j:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:network_proxy:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20074465
    V
    		CVE-2007-4465
    2022-06-30
    oval:org.opensuse.security:def:42270
    P
    		Security update for permissions (Moderate)
    2022-01-20
    oval:org.opensuse.security:def:111948
    P
    		apache2-2.4.49-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:31330
    P
    		Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:33045
    P
    		Security update for postgresql96 (Important)
    2021-11-22
    oval:org.opensuse.security:def:31705
    P
    		Security update for postgresql, postgresql13, postgresql14 (Important)
    2021-11-20
    oval:org.opensuse.security:def:31300
    P
    		Security update for MozillaFirefox (Important)
    2021-11-17
    oval:org.opensuse.security:def:32214
    P
    		Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:31697
    P
    		Security update for opensc (Important)
    2021-10-29
    oval:org.opensuse.security:def:26145
    P
    		Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:105514
    P
    		apache2-2.4.49-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:26131
    P
    		Security update for xen (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:33006
    P
    		Security update for openssl (Low)
    2021-09-20
    oval:org.opensuse.security:def:26123
    P
    		Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:32158
    P
    		Security update for dbus-1 (Important)
    2021-08-02
    oval:org.opensuse.security:def:32150
    P
    		Security update for the Linux Kernel (Important)
    2021-07-22
    oval:org.opensuse.security:def:31656
    P
    		Security update for systemd (Important)
    2021-07-21
    oval:org.opensuse.security:def:26092
    P
    		Security update for the Linux Kernel (Important)
    2021-07-20
    oval:org.opensuse.security:def:31221
    P
    		Security update for MozillaFirefox (Important)
    2021-07-16
    oval:org.opensuse.security:def:31208
    P
    		Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31640
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:31634
    P
    		Security update for qemu (Important)
    2021-06-08
    oval:org.opensuse.security:def:36082
    P
    		apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36370
    P
    		apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42489
    P
    		apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32106
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:26057
    P
    		Security update for libX11 (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:42074
    P
    		Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:26043
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:32084
    P
    		Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:31147
    P
    		Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:31745
    P
    		Security update for glib2 (Important)
    2021-03-16
    oval:org.opensuse.security:def:31353
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:26208
    P
    		Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:26204
    P
    		Security update for freeradius-server (Low)
    2021-03-04
    oval:org.opensuse.security:def:32263
    P
    		Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:31342
    P
    		Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:31331
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:26189
    P
    		Security update for subversion (Important)
    2021-02-10
    oval:org.opensuse.security:def:31744
    P
    		Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:31357
    P
    		Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:25973
    P
    		Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:31560
    P
    		Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:32002
    P
    		Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:35863
    P
    		apache2-2.2.12-1.38.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35522
    P
    		apache2-2.2.10-2.24.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35667
    P
    		apache2-2.2.12-1.28.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41929
    P
    		apache2-2.2.10-2.24.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25920
    P
    		Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25503
    P
    		Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26363
    P
    		Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31135
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25617
    P
    		Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:26862
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25995
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25644
    P
    		Security update for taglib (Low)
    2020-12-01
    oval:org.opensuse.security:def:32045
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27333
    P
    		xorg-x11-libXrender-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25752
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31955
    P
    		Security update for gstreamer-0_10-plugins-good (Important)
    2020-12-01
    oval:org.opensuse.security:def:31549
    P
    		Security update for screen (Low)
    2020-12-01
    oval:org.opensuse.security:def:25848
    P
    		Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32324
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:25219
    P
    		Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25805
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:32632
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25631
    P
    		Security update for tar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31444
    P
    		Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25294
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26598
    P
    		libpulse-browse0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26632
    P
    		puppet on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25643
    P
    		Security update for hunspell (Low)
    2020-12-01
    oval:org.opensuse.security:def:25415
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31801
    P
    		security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26407
    P
    		Security update for libmad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30991
    P
    		Security update for jakarta-commons-fileupload (Important)
    2020-12-01
    oval:org.opensuse.security:def:25698
    P
    		Security update for dpdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31940
    P
    		Recommended update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26651
    P
    		xen on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25835
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25650
    P
    		Security update for SDL (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31889
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:27080
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25073
    P
    		Security update for sqlite3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31076
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25839
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32448
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26261
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25897
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25085
    P
    		Security update for permissions (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31445
    P
    		Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25849
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25414
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:31766
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26496
    P
    		Security update for tmux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25950
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:32827
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25919
    P
    		Security update for libplist (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25277
    P
    		Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:31589
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26349
    P
    		Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26522
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    		Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:31915
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26827
    P
    		sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25931
    P
    		Security update for libcares2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:25560
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31996
    P
    		Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    		fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31136
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25916
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:31911
    P
    		Security update for gcc43 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31548
    P
    		Security update for sblim-sfcb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25795
    P
    		Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:27368
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25218
    P
    		Security update for samba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25791
    P
    		Security update for kernel-source (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32593
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32368
    P
    		Security update for tar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25230
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26549
    P
    		ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25994
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25632
    P
    		Security update for aspell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25358
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:31600
    P
    		Security update for tightvnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:30990
    P
    		Security update for jakarta-commons-fileupload
    2020-12-01
    oval:org.opensuse.security:def:25422
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31784
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26637
    P
    		ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26667
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25707
    P
    		Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25499
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31850
    P
    		Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27045
    P
    		tgt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31002
    P
    		Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25755
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31810
    P
    		Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25703
    P
    		Security update for squid (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25074
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:25990
    P
    		Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32302
    P
    		Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:32487
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25413
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31416
    P
    		Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26345
    P
    		Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25936
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32788
    P
    		star on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25149
    P
    		Security update for openssl-1_1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31502
    P
    		Security update for python27 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26310
    P
    		Security update for Cloud Compute 12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26487
    P
    		Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25425
    P
    		Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:31858
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.mitre.oval:def:6089
    V
    		HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
    2015-04-20
    oval:org.mitre.oval:def:17648
    P
    		USN-575-1 -- apache2 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:22498
    P
    		ELSA-2008:0008: httpd security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:10929
    V
    		Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
    2013-04-29
    oval:com.redhat.rhsa:def:20080005
    P
    		RHSA-2008:0005: httpd security update (Moderate)
    2008-03-20
    oval:com.redhat.rhsa:def:20080006
    P
    		RHSA-2008:0006: httpd security update (Moderate)
    2008-03-20
    oval:com.redhat.rhsa:def:20080008
    P
    		RHSA-2008:0008: httpd security update (Moderate)
    2008-03-20
    BACK
    apache http server -
    apache http server 2.0
    apache http server 2.0.9
    apache http server 2.0.28
    apache http server 2.0.28 beta
    apache http server 2.0.32
    apache http server 2.0.32 beta
    apache http server 2.0.34 beta
    apache http server 2.0.35
    apache http server 2.0.36
    apache http server 2.0.37
    apache http server 2.0.38
    apache http server 2.0.39
    apache http server 2.0.40
    apache http server 2.0.41
    apache http server 2.0.42
    apache http server 2.0.43
    apache http server 2.0.44
    apache http server 2.0.45
    apache http server 2.0.46
    apache http server 2.0.47
    apache http server 2.0.48
    apache http server 2.0.49
    apache http server 2.0.50
    apache http server 2.0.51
    apache http server 2.0.52
    apache http server 2.0.53
    apache http server 2.0.54
    apache http server 2.0.55
    apache http server 2.0.56
    apache http server 2.0.57
    apache http server 2.0.58
    apache http server 2.0.59
    apache http server 2.0.60
    apache http server 2.0.61
    apache http server 2.1
    apache http server 2.1.1
    apache http server 2.1.2
    apache http server 2.1.3
    apache http server 2.1.4
    apache http server 2.1.5
    apache http server 2.1.6
    apache http server 2.1.7
    apache http server 2.1.8
    apache http server 2.2
    apache http server 2.2.1
    apache http server 2.2.2
    apache http server 2.2.3
    apache http server 2.2.4
    apache http server 2.0.28 beta
    apache http server 2.0
    apache http server 2.0.38
    apache http server 2.0.39
    apache http server 2.0.42
    apache http server 2.0.47
    apache http server 2.0.60
    apache http server 2.0.49
    apache http server 2.0.48
    apache http server 2.0.51
    apache http server 2.0.52
    apache http server 2.0.40
    apache http server 2.0.59
    apache http server 2.2.4
    apache http server 2.0.46
    apache http server 2.0.55
    apache http server 2.2.3
    apache http server 2.2.2
    apache http server 2.0.28
    apache http server 2.0.32
    apache http server 2.0.35
    apache http server 2.0.36
    apache http server 2.0.37
    apache http server 2.0.41
    apache http server 2.0.32 beta
    apache http server 2.0.34 beta
    apache http server 2.0.43
    apache http server 2.0.44
    apache http server 2.0.45
    apache http server 2.0.50
    apache http server 2.0.53
    apache http server 2.0.54
    apache http server 2.0.56
    apache http server 2.0.57
    apache http server 2.0.58
    apache http server 2.1
    apache http server 2.1.1
    apache http server 2.1.2
    apache http server 2.1.3
    apache http server 2.1.4
    apache http server 2.1.5
    apache http server 2.1.6
    apache http server 2.1.7
    apache http server 2.1.8
    apache http server 2.2
    apache http server 2.2.1
    redhat certificate system 7.3
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    hp hp-ux b.11.23
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux multimedia *
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    canonical ubuntu 7.04
    hp hp-ux b.11.31
    redhat enterprise linux 5
    canonical ubuntu 7.10
    fujitsu interstage application server plus 7.0
    fujitsu interstage application server plus 7.0.1
    fujitsu interstage apworks modelers j 7.0
    mandrakesoft mandrake linux 2007.1
    redhat rhel application stack 2
    redhat enterprise linux 4.6.z ga
    redhat enterprise linux 4.6.z ga
    apple mac os x server 10.5.2
    novell open enterprise server *
    redhat network proxy 4.2
    novell opensuse 10.2
    novell opensuse 10.3
    apache http server 2.2.8
    apache tomcat 5.5.27