Oracle Solaris, Sun Solaris

ソフト名：Oracle Solaris 11 Express, Sun Solaris 10.x (Apache 2.2.19)

回避策：あり

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://www.oracle.com/us/products/servers-storage/solaris/solaris-11-express-185123.html

http://www.oracle.com/us/sun/index.htm

http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of

http://secunia.com/advisories/45606/

http://secunia.com/advisories/46137/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

Red Hat JBoss Enterprise Web Server

ソフト名：Red Hat JBoss Enterprise Web Server 1.x/EL4/EL5/EL6 (Apache 2.2.19)

回避策：RHSA-2011:1329-01, RHSA-2011:1330-01にて対応

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://www.redhat.com/jboss/

http://www.jboss.com/products/platforms/webserver/

https://rhn.redhat.com/errata/RHSA-2011-1329.html

https://rhn.redhat.com/errata/RHSA-2011-1330.html

http://secunia.com/advisories/45606/

http://secunia.com/advisories/46125/

http://secunia.com/advisories/46126/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

Blue Coat Director

ソフト名：Blue Coat Director (SGME) 5.5.2.3 (OpenBSD OpenSSH 3.6.1p1, Apache 1.3.41/2.0.63/2.0.64/2.2.x)

回避策：あり

脆弱性：セキュリティ制限の回避, XSS, 機密情報の奪取, DoS攻撃, システムアクセス, ユーザー名リストの曝露, メモリの浪費, 不正HTMLの実行, スクリプトコード実行, NULLポインタの逆参照, クラッシュ, イベントのハング, 入力検証エラー, CPUリソースの浪費

ソース：

http://www.bluecoat.com/products/director/features.html

https://kb.bluecoat.com/index?page=content&id=SA61

https://kb.bluecoat.com/index?page=content&id=SA62

https://kb.bluecoat.com/index?page=content&id=SA63

http://secunia.com/advisories/8720/

http://secunia.com/advisories/30621/

http://secunia.com/advisories/31384/

http://secunia.com/advisories/36549/

http://secunia.com/advisories/36675/

http://secunia.com/advisories/38852/

http://secunia.com/advisories/46041/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2666

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623

CVE：CVE-2003-0190, CVE-2005-2666, CVE-2008-2364, CVE-2008-2939, CVE-2009-1891, CVE-2009-2412, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555, CVE-2009-3560, CVE-2009-3720, CVE-2010-0425, CVE-2010-0434, CVE-2010-1452, CVE-2010-1623

危険性：Medium Risk

Oracle Application Server, Oracle Fusion Middleware

ソフト名：Oracle Application Server 10g(10.1.2.3.0/10.1.3.5.0), Oracle Fusion Middleware 11g (11.1.1.3.0/11.1.1.4.0/11.1.1.5.0) (Apache 2.2.19)

回避策：あり

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://www.oracle.com/us/products/middleware/application-server/index.html?origref=http://secunia.com/advisories/product/3190/

http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html

http://blogs.oracle.com/security/entry/security_alert_for_cve_2011

http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

http://secunia.com/advisories/45606/

http://secunia.com/advisories/46000/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

HP HP-UX

ソフト名：HP HP-UX B.11.11/B.11.23/B.11.31 (Apache 2.2.18未満/2.2.19)

回避策：HPSBUX02702 SSRT100606にて対応

脆弱性：DoS攻撃, 無限再帰エラー, スタックオーバーフロー, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://h71028.www7.hp.com/enterprise/w1/en/os/hpux11i-overview.html

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02997184

http://secunia.com/advisories/44574/

http://secunia.com/advisories/45606/

http://secunia.com/advisories/45954/

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-red-hat-desktop-red.html

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-0419, CVE-2011-3192

危険性：Medium Risk

Novell SUSE Linux Enterprise Server

ソフト名：Novell SUSE Linux Enterprise Server (SLES) 11 (Apache 2.2.x)

回避策：SUSE-SU-2011:1000-1にて対応

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費, セキュリティ強度の問題, クラッシュ

ソース：

http://www.novell.com/promo/home/sle11.html

https://hermes.opensuse.org/messages/11682644

http://secunia.com/advisories/40206/

http://secunia.com/advisories/45606/

http://secunia.com/advisories/45869/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2010-1452, CVE-2011-3192

危険性：Medium Risk

Canonical Ltd. Ubuntu Linux, IBM HTTP Server, Cisco Quad, Novell openSUSE, 日立 Web Server

ソフト名：Canonical Ltd. Ubuntu Linux 8.04/10.04/10.10, IBM HTTP Server 2.0.42/2.0.47/6.0〜6.0.2.43/6.1〜6.1.0.39/7.0〜7.0.0.17/8.0, Cisco Quad, Novell openSUSE 11.3/11.4, 日立 Web Server 3.x/4.x (Apache 2.2.19)

回避策：USN-1199-1にて対応, あり, 未対応, openSUSE-SU-2011:0993-1にて対応, HS11-019にて対応

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://www.ubuntu.com/

http://www-01.ibm.com/software/webservers/httpservers/

http://www-01.ibm.com/software/webservers/httpservers/library/

http://www.cisco.com/en/US/products/ps10668/index.html

http://www.opensuse.org/en/

http://www.hitachi.com/

http://www.ubuntu.com/usn/usn-1199-1/

http://www.ibm.com/support/docview.wss?uid=swg21512087

http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml

http://lists.opensuse.org/opensuse-updates/2011-09/msg00002.html

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html

http://secunia.com/advisories/45606/

http://secunia.com/advisories/45732/

http://secunia.com/advisories/45824/

http://secunia.com/advisories/45865/

http://secunia.com/advisories/45872/

http://secunia.com/advisories/45892/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

Red Hat Desktop, Red Hat Enterprise Linux, IBM OS/400

ソフト名：Red Hat Desktop 4.x, Red Hat Enterprise Linux AS 4/ES 4/WS 4/5 (Server)/Desktop 5/Desktop Workstation 5/Desktop 6/HPC Node 6/Server 6/Workstation 6, IBM OS/400 V6R1M0 (Apache 2.2.19)

回避策：RHSA-2011:1245-01にて対応, APAR SE49334, SE49334にて対応

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://www.redhat.com/rhel/

http://www.redhat.com/rhel/server/

http://www.redhat.com/rhel/desktop/

http://www-03.ibm.com/systems/i/software/

https://rhn.redhat.com/errata/RHSA-2011-1245.html

https://www.ibm.com/support/docview.wss?uid=nas2aae02620b9b78d9e862578fe003c799b

http://secunia.com/advisories/45606/

http://secunia.com/advisories/45822/

http://secunia.com/advisories/45644/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

Debian GNU/Linux

ソフト名：Debian GNU/Linux 5.0/6.0 (Apache 2.2.x)

回避策：DSA-2298-1にて対応

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費, クラッシュ

ソース：

http://www.debian.org/

http://www.debian.org/security/2011/dsa-2298

http://secunia.com/advisories/40206/

http://secunia.com/advisories/45606/

http://secunia.com/advisories/45696/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2010-1452, CVE-2011-3192

危険性：Medium Risk

Apache

ソフト名：Apache 2.2.19

回避策：あり

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://httpd.apache.org/

http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E

http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0203.html

https://issues.apache.org/bugzilla/show_bug.cgi?id=51714

http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3Calpine.DEB.2.00.1108231306230.24177@eru.sfritsch.de%3E

http://secunia.com/advisories/45606/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

Apache, Apache APR, Debian GNU/Linux

ソフト名：Apache 2.2.18, Apache APR 1.4.4, Debian GNU/Linux 5.0/6.0

回避策：あり, DSA-2237-2にて対応

脆弱性：DoS攻撃, 無限ループ

ソース：http://httpd.apache.org/

http://www.debian.org/

http://mail-archives.apache.org/mod_mbox/httpd-announce/201105.mbox/%3C4DD55092.3030403@apache.org%3E

https://issues.apache.org/bugzilla/show_bug.cgi?id=51219

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627182

http://lists.debian.org/debian-security-announce/2011/msg00108.html

http://secunia.com/advisories/44558/

http://secunia.com/advisories/44613/

http://secunia.com/advisories/44661/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928

CVE：CVE-2011-1928

危険性：Medium Risk

Apache, Apache APR, Red Hat Desktop, Red Hat Enterprise Linux

ソフト名：Apache 2.2.18未満, Apache APR 1.4.4未満, Red Hat Desktop 4.x, Red Hat Enterprise Linux AS 4/ES 4/WS 4/5 (Server)/Desktop 5/HPC Node 6/Server 6/Workstation 6

回避策：アップデートにて対応, RHSA-2011:0507-1にて対応

脆弱性：DoS攻撃, 無限再帰エラー, スタックオーバーフロー

ソース：http://httpd.apache.org/

http://www.redhat.com/rhel/

http://www.redhat.com/rhel/desktop/

http://www.redhat.com/rhel/server/

http://httpd.apache.org/security/vulnerabilities_22.html

http://www.apache.org/dist/apr/CHANGES-APR-1.4

http://www.apache.org/dist/httpd/Announcement2.2.html

http://securityreason.com/achievement_securityalert/98

http://rhn.redhat.com/errata/RHSA-2011-0507.html

http://secunia.com/advisories/44490/

http://secunia.com/advisories/44564/

http://secunia.com/advisories/44574/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

CVE：CVE-2011-0419

危険性：Medium Risk

HP OpenVMS

ソフト名：HP OpenVMS 6.x/7.x/8.x (Apache 1.3.x/2.0.x/2.2.x, PCRE 6.2未満, OpenBSD OpenSSL 0.9.8m未満, PHP 5.2.11未満)

回避策：HPSBOV02683 SSRT090208にて対応

脆弱性：セキュリティ制限の回避, XSS, データ操作, 権限の昇格, DoS攻撃, システムアクセス, バッファオーバーフロー, バウンダリエラー, プロセスのクラッシュ, リモートコード実行, 整数オーバーフロー, メモリ破壊, 不正HTMLの実行, スクリプトコード実行, NULLポインタ参照エラー, クラッシュ, キャッシュ汚染, オフバイワンエラー, 無限ループ, メモリの浪費, CPUリソースの浪費, 入力検証エラー, リモートコマンド実行, 不明なエラー, SQLインジェクション, TLSプロトコルエラー, テキストインジェクション, マンインミドル攻撃, 不正HTTPのリクエスト

ソース：http://h71000.www7.hp.com/

https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02824490

http://secunia.com/advisories/10096/

http://secunia.com/advisories/11841/

http://secunia.com/advisories/16502/

http://secunia.com/advisories/18008/

http://secunia.com/advisories/18307/

http://secunia.com/advisories/21172/

http://secunia.com/advisories/21197/

http://secunia.com/advisories/21709/

http://secunia.com/advisories/22130/

http://secunia.com/advisories/28081/

http://secunia.com/advisories/35781/

http://secunia.com/advisories/36675/

http://secunia.com/advisories/36791/

http://secunia.com/advisories/37291/

http://secunia.com/advisories/38319/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0840

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0542

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0492

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0010

CVE：CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010

危険性：High Risk

Oracle OpenSolaris, Sun Solaris

ソフト名：Oracle OpenSolaris 2009.06, Sun Solaris 10 (Apache 2.2.12未満, OpenBSD OpenSSL 0.9.8m未満)

回避策：あり

脆弱性：セキュリティ制限の回避, データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, リモートコマンド実行, CPUリソースの浪費, NULLポインタ参照エラー, クラッシュ, 入力検証エラー, TLSプロトコルエラー, マンインミドル攻撃, 不正HTTPのリクエスト, リモートコード実行

ソース：http://hub.opensolaris.org/bin/view/Main/

http://www.oracle.com/us/products/servers-storage/solaris/index.html?origref=http://secunia.com/advisories/product/4813/

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache

http://secunia.com/advisories/35261/

http://secunia.com/advisories/35781/

http://secunia.com/advisories/36549/

http://secunia.com/advisories/36675/

http://secunia.com/advisories/37291/

http://secunia.com/advisories/38776/

http://secunia.com/advisories/40206/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0408

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452

CVE：CVE-2009-1195, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555, CVE-2010-0408, CVE-2010-0425, CVE-2010-0434, CVE-2010-1452

危険性：Medium Risk

HP-UX

ソフト名：HP-UX B.11.11/B.11.23/B.11.31 (Apache 2.0.64未満, Apache Tomcat 5.5.33未満)

回避策：HPSBUX02645 SSRT100387にて対応

脆弱性：セキュリティ制限の回避, XSS, DoS攻撃, プロセスのハング

ソース：http://h71028.www7.hp.com/enterprise/w1/en/os/hpux11i-overview.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02752210

http://secunia.com/advisories/38852/

http://secunia.com/advisories/43198/

http://secunia.com/advisories/43991/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013

CVE：CVE-2009-3560, CVE-2009-3720, CVE-2010-1623, CVE-2010-3718, CVE-2010-4476, CVE-2011-0013

危険性：Medium Risk

Apache

ソフト名：Apache Software Foundation Apache 2.2.15
回避策：アップデートにて対応
脆弱性：機密情報の奪取
ソース：http://httpd.apache.org/security/vulnerabilities_22.html
http://www.securityfocus.com/bid/40827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2068
http://secunia.com/advisories/40206
http://www.vupen.com/english/advisories/2010/1436
CVE：CVE-2010-2068
危険性：Low Risk

Apache SpamAssassin Milter Plugin

ソフト名：Apache SpamAssassin Milter Plugin 0.3.1
回避策：未対応
脆弱性：リモートコマンド実行
ソース：http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
http://secunia.com/advisories/38840
http://securitytracker.com/alerts/2010/Mar/1023691.html
危険性：High Risk

Apache HTTP Server

ソフト名：Apache HTTP Server 2.0.44
回避策：未対応
脆弱性：スプーフィング攻撃, XSS
ソース：http://archives.neohapsis.com/archives/bugtraq/2003-03/0073.html
CVE：CVE-2003-1580, CVE-2003-1581
危険性：Medium Risk

mod_proxy module for Apache

ソフト名：mod_proxy module for Apache 1.3～1.3.41

回避策：バージョンアップで対応
脆弱性：ヒープオーバーフロー, リモートコード実行, アプリケーションのクラッシュ
CVE：CVE-2010-0010
ソース：

http://httpd.apache.org/dev/dist/CHANGES_1.3.42

Apache Tomcat

Apache Tomcat 5.5.0、5.5.1、5.5.28
バージョンアップで対応
ディレクトリトラバーサル
機密情報の奪取
CVE-2009-2902
CVE-2009-2901
CVE-2009-2693
http://tomcat.apache.org/security-5.html