A remote attacker could send a specially crafted request to possibly execute arbitrary code, cause Denial of Service, or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Apache HTTP Server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.25"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/apache< 2.2.25UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	www-servers/apache	< 2.2.25	UNKNOWN

nessus 50

openvas 46

redhat 7

freebsd 2

kaspersky 1

ubuntu 4

securityvulns 4

hackerone 2

ibm 6

prion 5

f5 10

cve 5

debiancve 4

debian 6

threatpost 1

jvn 1

veracode 3

ubuntucve 5

osv 4

checkpoint_advisories 4

cisco 2

oraclelinux 1

httpd 4

mageia 3

seebug 2

centos 2

suse 4

fedora 3

checkpoint_security 1

kitploit 1

cert 1

slackware 1

apple 2

nmap 1

amazon 1

nessus

GLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities

2013-09-24 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2013:1340-1)

2014-06-13 00:00:00

RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1133)

2014-06-26 00:00:00

openvas

Gentoo Security Advisory GLSA 201309-12

2015-09-29 00:00:00

SUSE: Security Advisory (SUSE-SU-2013:1824-1)

2021-06-09 00:00:00

Ubuntu Update for apache2 USN-1903-1

2013-08-01 00:00:00

redhat

(RHSA-2013:1134) Moderate: httpd security update

2013-08-05 15:32:30

(RHSA-2013:1133) Moderate: httpd security update

2013-08-05 15:27:06

(RHSA-2013:1156) Moderate: httpd security update

2013-08-13 00:00:00

freebsd

apache22 -- several vulnerabilities

2013-06-21 00:00:00

apache24 -- several vulnerabilities

2013-07-11 00:00:00

kaspersky

KLA10068 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2013-07-15 00:00:00

OpenSSL vulnerability

2013-07-04 00:00:00

Qt vulnerability

2012-11-08 00:00:00

securityvulns

Apache security vulnerabilities

2013-07-15 00:00:00

[ MDVSA-2013:193 ] apache

2013-07-15 00:00:00

[SECURITY] [DSA 2579-1] apache2 security update

2012-12-02 00:00:00

hackerone

Tor: solving TOR vulnerability, in other to make bruteforce difficult

2017-09-14 14:11:07

Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)

2015-06-09 17:47:58

ibm

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by a vulnerability in Apache (CVE-2007-6750)

2022-02-23 19:48:26

Security Bulletin: Denial of service for accessing data using HTTP protocol on IBM SONAS (CVE-2007-6750)

2018-06-18 00:08:32

Security Bulletin: Denial of service for accessing data using HTTP protocol on IBM Storwize V7000 Unified (CVE-2007-6750)

2018-06-18 00:08:33

prion

Code injection

2011-12-27 18:55:00

Design/Logic Flaw

2012-09-15 18:55:00

Command injection

2013-06-10 17:55:00

K12636 : Slowloris denial-of-service attack vulnerability CVE-2007-6750

2015-04-29 00:00:00

SOL12636 - Slowloris denial-of-service attack vulnerability CVE-2007-6750

2011-02-22 00:00:00

SOL14054 - CRIME vulnerability via TLS 1.2 protocol CVE-2012-4929

2012-12-05 00:00:00

cve

CVE-2007-6750

2011-12-27 18:55:00

CVE-2012-4929

2012-09-15 18:55:00

CVE-2013-1862

2013-06-10 17:55:00

debiancve

CVE-2007-6750

2011-12-27 18:55:00

CVE-2012-4929

2012-09-15 18:55:00

CVE-2013-1862

2013-06-10 17:55:00

debian

[SECURITY] [DSA 2627-1] nginx security update

2013-02-17 11:14:31

openssl security update

2014-06-20 16:35:50

[SECURITY] [DSA 2579-1] apache2 security update

2012-11-30 13:22:52

threatpost

Apple Patches Mass of Security Bugs in OS X and Safari

2013-06-05 09:51:54

jvn

JVN#65273415: Android OS issue where it is affected by the CRIME attack

2016-07-22 00:00:00

veracode

Information Leakage

2019-01-15 08:58:53

Denial Of Service (DoS)

2019-01-15 08:57:40

Remote Code Execution (RCE)

2019-01-15 08:57:06

ubuntucve

CVE-2012-4929

2012-09-15 00:00:00

CVE-2013-1862

2013-06-10 00:00:00

CVE-2013-1896

2013-07-10 00:00:00

osv

nginx - information leak

2013-02-17 00:00:00

apache2 - several

2012-11-30 00:00:00

openssl - security update

2014-06-20 00:00:00

checkpoint_advisories

Apache HTTP Server mod_dav MERGE Request Denial of Service (CVE-2013-1896)

2013-09-01 00:00:00

Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)

2014-12-28 00:00:00

Apache HTTP Server mod_rewrite RewriteLog Command Execution (CVE-2013-1862)

2013-09-09 00:00:00

cisco

Apache HTTP Server MERGE Request Denial of Service Vulnerability

2013-07-11 17:33:19

Apache HTTP Server mod_rewrite Log File Manipulation Vulnerability

2013-05-30 19:48:16

oraclelinux

httpd security update

2013-08-13 00:00:00

httpd

Apache Httpd < 2.2.25 : mod_dav crash

2013-03-07 00:00:00

Apache Httpd < 2.0.65 : mod_rewrite log escape filtering

2013-03-13 00:00:00

Apache Httpd < 2.4.6 : mod_dav crash

2013-03-07 00:00:00

mageia

Updated apache packages fix CVE-2013-1896

2013-07-26 15:34:30

Updated apache packages fix security vulnerabilities

2013-06-19 14:11:42

Updated apache packages fix security vulnerabilities

2013-07-26 15:36:22

seebug

Apache HTTP Server日志内终端转义序列命令注入漏洞

2013-05-17 00:00:00

Apache HTTP Server mod_dav.c 拒绝服务漏洞(CVE-2013-1896)

2013-07-17 00:00:00

centos

httpd, mod_ssl security update

2013-08-13 17:32:49

openssl security update

2013-03-04 22:46:45

suse

Security update for apache2 (important)

2014-09-02 21:04:17

Security update for Apache2 (important)

2012-02-18 13:08:15

Security update for Apache2 (important)

2012-03-06 21:08:42

fedora

[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18

2013-04-03 04:51:11

[SECURITY] Fedora 19 Update: httpd-2.4.6-2.fc19

2013-08-09 17:11:09

[SECURITY] Fedora 18 Update: httpd-2.4.6-2.fc18

2013-08-16 23:03:32

checkpoint_security

Check Point response to CVE-2012-4929, CVE-2012-4930 aka CRIME attack

2012-10-20 22:00:00

kitploit

Sitadel - Web Application Security Scanner

2019-01-14 12:13:00

cert

BREACH vulnerability in compressed HTTPS

2013-08-02 00:00:00

slackware

[slackware-security] httpd

2013-08-06 07:20:43

apple

About the security content of macOS Server 5.3

2017-03-27 00:00:00

About the security content of macOS Server 5.3 - Apple Support

2017-03-28 04:58:08

nmap

http-slowloris-check NSE Script

2012-08-24 09:19:30

amazon

Medium: openssl

2013-03-14 22:04:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.958 High

EPSS

Percentile

99.4%

JSON

Related for GLSA-201309-12