Hi,

Can someone please suggest what's causing this issue? I see it in the openvassd.dump file:

[17903](/var/lib/openvas/plugins/ssh_authorization.nasl) gnutls_x509_privkey_import_pkcs8: Decryption has failed. (-24)"

Thanks and Regards

Kaushal

On Mon, Sep 13, 2010 at 11:26 AM, Kaushal Shriyan <[email protected]> wrote:
> Hi
>
> I have run the OpenVAS scanner on one of the client hosts. The report
> suggests Apache versions prior to 2.2.15-dev are affected. I had a
> word with the Ubuntu Security Team: "Your OpenVAS scan is a false alert,
> as it's relying on the version number". Please suggest/guide.
>
> Thanks and Regards
>
> Kaushal
>
> Overview:
> Apache is prone to multiple vulnerabilities.
>
> These issues may lead to information disclosure or other attacks.
>
> Apache versions prior to 2.2.15-dev are affected.
>
> Solution:
> These issues have been addressed in Apache 2.2.15-dev. Apache 2.2.15
> including fixes will become available in the future as well. Please
> see the references for more information.
>
> References:
> http://www.securityfocus.com/bid/38494
> http://httpd.apache.org/security/vulnerabilities_22.html
> http://httpd.apache.org/
> https://issues.apache.org/bugzilla/show_bug.cgi?id=48359
> http://svn.apache.org/viewvc?view=revision&revision=917870
>
> Risk factor : Medium
> CVE : CVE-2010-0425, CVE-2010-0434, CVE-2010-0408
> BID : 38494, 38491
> OID : 1.3.6.1.4.1.25623.1.0.100514
>
> Overview:
> Apache HTTP Server is prone to multiple remote denial-of-service
> vulnerabilities.
>
> An attacker can exploit these issues to deny service to
> legitimate users.
>
> Versions prior to Apache 2.2.16 are vulnerable.
>
> Solution:
> These issues have been fixed in Apache 2.2.16. Please see the
> references for more information.
>
> References:
> https://www.securityfocus.com/bid/41963
> http://httpd.apache.org/download.cgi
> http://httpd.apache.org/
> http://www.apache.org/dist/httpd/Announcement2.2.html
> http://www.apache.org/dist/httpd/CHANGES_2.2.16
> CVE : CVE-2010-1452
> BID : 41963
> OID : 1.3.6.1.4.1.25623.1.0.100725
>
>
>
> Overview:
> This host is running Apache HTTP Server and is prone to Denial of Service
> vulnerability.
>
> Vulnerability Insight:
> The flaw is due to error in 'stream_reqbody_cl' function in 'mod_proxy_http.c'
> in the mod_proxy module. When a reverse proxy is configured, it does
> not properly
> handle an amount of streamed data that exceeds the Content-Length value via
> crafted requests.
>
> Impact:
> Successful exploitation will allow remote attackers to cause Denial of Service
> to the legitimate user by CPU consumption.
>
> Impact Level: Application
>
> Affected Software/OS:
> Apache HTTP Server version prior to 2.3.3
>
> Fix:
> Fixed in the SVN repository.
> http://svn.apache.org/viewvc?view=rev&revision=790587
>
> References:
> http://secunia.com/advisories/35691
> http://www.vupen.com/english/advisories/2009/1773
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=790587&r2=790586&pathrev=790587
>
> CVSS Score:
> CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
> CVSS Temporal Score : 3.7
> Risk factor : Medium
> CVE : CVE-2009-1890
> BID : 35565
> OID : 1.3.6.1.4.1.25623.1.0.800827
>
_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
