CVE-2009-2699 SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2017:2907-1)

漏洞类别:SUSE

漏洞等级:

漏洞信息

SUSE has released security update for apache2 to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.

解决方案

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to Suse security advisory SUSE-SU-2017:2907-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:2907-1: SUSE Enterprise Linux

Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1002593: Allow HTTP (Including WebDAV) Methods
Virtual Patch #1004921: 1004921 – Apache HTTP Server ‘mod_log_config’ Denial Of Service Vulnerability

Leave a Reply