OVAL Definition Details: oval:org.mitre.oval:def:28396

oval:org.mitre.oval:def:28396

Version

Class

patch

ALTXid

75310

Language

English

Severity

High

Title

RHSA-2009:1148 -- httpd security update (Important)

Description

Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A denial of service flaw was found in the Apache mod_proxy module when it
was used as a reverse proxy. A remote attacker could use this flaw to force
a proxy process to consume large amounts of CPU time. (CVE-2009-1890)

Family

unix

Platform

Product

httpd

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2015-06-29T10:53:15 : submitted
  - ALTX-SOFT Sergey Artykhov
- 2015-07-06T11:17:20.959-04:00 : status_change DRAFT
- 2015-07-27T04:00:14.437-04:00 : status_change INTERIM
- 2015-08-17T04:00:16.434-04:00 : status_change ACCEPTED

Reference

VENDOR: RHSA-2009:1148

CESA-2009:1148: CESA-2009:1148-CentOS 5

CVE: CVE-2009-1890

CVE: CVE-2009-1891

Criteria

Expand All

Collapse All

AND

Red Hat Enterprise Linux 5 release section

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

OR Packages match section
- CRITERION httpd-devel is earlier than 0:2.2.3-22.el5_3.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140936) check=all, check_existence=at_least_one_exists, comment=httpd-devel is earlier than 0:2.2.3-22.el5_3.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14256)
      name httpd-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39324)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5_3.2
- CRITERION httpd-manual is earlier than 0:2.2.3-22.el5_3.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140350) check=all, check_existence=at_least_one_exists, comment=httpd-manual is earlier than 0:2.2.3-22.el5_3.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14457)
      name httpd-manual
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39324)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5_3.2
- CRITERION httpd is earlier than 0:2.2.3-22.el5_3.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140580) check=all, check_existence=at_least_one_exists, comment=httpd is earlier than 0:2.2.3-22.el5_3.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14173)
      name httpd
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39324)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5_3.2
- CRITERION mod_ssl is earlier than 0:2.2.3-22.el5_3.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140927) check=all, check_existence=at_least_one_exists, comment=mod_ssl is earlier than 0:2.2.3-22.el5_3.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14422)
      name mod_ssl
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39324)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5_3.2

AND

CentOS Linux 5 release section

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

OR Packages match section
- CRITERION httpd is earlier than 0:2.2.3-22.el5.centos.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140525) check=all, check_existence=at_least_one_exists, comment=httpd is earlier than 0:2.2.3-22.el5.centos.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14173)
      name httpd
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39495)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5.centos.2
- CRITERION httpd-devel is earlier than 0:2.2.3-22.el5.centos.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140763) check=all, check_existence=at_least_one_exists, comment=httpd-devel is earlier than 0:2.2.3-22.el5.centos.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14256)
      name httpd-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39495)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5.centos.2
- CRITERION httpd-manual is earlier than 0:2.2.3-22.el5.centos.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:140545) check=all, check_existence=at_least_one_exists, comment=httpd-manual is earlier than 0:2.2.3-22.el5.centos.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14457)
      name httpd-manual
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39495)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5.centos.2
- CRITERION mod_ssl is earlier than 0:2.2.3-22.el5.centos.2
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:141033) check=all, check_existence=at_least_one_exists, comment=mod_ssl is earlier than 0:2.2.3-22.el5.centos.2, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:14422)
      name mod_ssl
    - rpminfo_state (ID = oval:org.mitre.oval:ste:39495)
      evr datatype=evr_string | operation=less than | value=0:2.2.3-22.el5.centos.2

Access vector:	COMPLETE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	COMPLETE

Access vector:	COMPLETE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	COMPLETE


	2008-2020, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Professional OVAL Repository