Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-805-1
HistorySep 08, 2005 - 12:00 a.m.

apache2 - several

2005-09-0800:00:00
Google
osv.dev
7

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Several problems have been discovered in Apache2, the next generation,
scalable, extendable web server. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CAN-2005-1268
    Marc Stern discovered an off-by-one error in the mod_ssl
    Certificate Revocation List (CRL) verification callback. When
    Apache is configured to use a CRL this can be used to cause a
    denial of service.

  • CAN-2005-2088
    A vulnerability has been discovered in the Apache web server.
    When it is acting as an HTTP proxy, it allows remote attackers to
    poison the web cache, bypass web application firewall protection,
    and conduct cross-site scripting attacks, which causes Apache to
    incorrectly handle and forward the body of the request.

  • CAN-2005-2700
    A problem has been discovered in mod_ssl, which provides strong
    cryptography (HTTPS support) for Apache that allows remote
    attackers to bypass access restrictions.

  • CAN-2005-2728
    The byte-range filter in Apache 2.0 allows remote attackers to
    cause a denial of service via an HTTP header with a large Range
    field.

The old stable distribution (woody) does not contain Apache2 packages.

For the stable distribution (sarge) these problems have been fixed in
version 2.0.54-5.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.54-5.

We recommend that you upgrade your apache2 packages.

CPENameOperatorVersion
apache2eq2.0.54-4

Related

debian 6
nessus 39
openvas 43
suse 4
centos 3
redhat 3
ubuntu 2
f5 4
cve 4
ubuntucve 4
checkpoint_advisories 1
httpd 4
gentoo 2
debiancve 4
freebsd 2
cert 1
slackware 2
securityvulns 1
osv 2
debian
debian
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 807-1] New mod_ssl packages fix acl restriction bypass
2005-09-12 14:21:07
nessus
nessus
Debian DSA-805-1 : apache2 - several vulnerabilities
2005-09-12 00:00:00
Apache < 2.0.55 Multiple Vulnerabilities
2008-03-26 00:00:00
HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
2006-03-21 00:00:00
openvas
openvas
Debian Security Advisory DSA 805-1 (apache2)
2008-01-17 00:00:00
SLES9: Security update for Apache 2 oes/CORE
2009-10-10 00:00:00
SLES9: Security update for Apache 2 oes/CORE
2009-10-10 00:00:00
suse
suse
authentication bypass in apache,apache2
2005-08-16 08:42:40
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
local command execution, authentication bypass, in apache2
2005-09-12 13:00:50
centos
centos
httpd, mod_ssl security update
2005-09-06 15:58:02
httpd, mod_ssl security update
2005-07-25 10:13:58
mod_ssl security update
2005-09-16 00:34:35
redhat
redhat
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
(RHSA-2005:582) httpd security update
2005-07-25 00:00:00
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-08-04 00:00:00
Apache 2 vulnerabilities
2005-09-07 00:00:00
f5
f5
SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700
2007-05-16 00:00:00
K5278 : Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
2013-03-28 00:00:00
K5857 : Client certificate check vulnerability in Apache - CVE-2005-2700
2013-03-28 00:00:00
cve
cve
CVE-2005-2700
2005-09-06 23:03:00
CVE-2005-1268
2005-08-05 04:00:00
CVE-2005-2728
2005-08-30 11:45:00
ubuntucve
ubuntucve
CVE-2005-2700
2005-09-06 00:00:00
CVE-2005-2728
2005-08-30 00:00:00
CVE-2005-1268
2005-08-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Byte-Range Filter Denial of Service (CVE-2005-2728)
2010-07-25 00:00:00
httpd
httpd
Apache Httpd < 2.0.55 : Byterange filter DoS
2005-07-07 00:00:00
Apache Httpd < 2.0.55 : SSLVerifyClient bypass
2005-08-30 00:00:00
Apache Httpd < 2.0.55 : HTTP Request Spoofing
2005-10-14 00:00:00
gentoo
gentoo
Apache 2.0: Denial of Service vulnerability
2005-08-25 00:00:00
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
debiancve
debiancve
CVE-2005-2700
2005-09-06 23:03:00
CVE-2005-1268
2005-08-05 04:00:00
CVE-2005-2728
2005-08-30 11:45:00
freebsd
freebsd
apache -- http request smuggling
2005-07-25 00:00:00
apache -- Certificate Revocation List (CRL) off-by-one vulnerability
2005-07-12 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
slackware
slackware
mod_ssl
2005-09-08 15:54:45
slackware-current security updates
2005-09-08 15:55:02
securityvulns
securityvulns
mod_ssl &quot;SSLVerifyClient&quot; Security Bypass Security Issue
2005-09-05 00:00:00
osv
osv
libapache-mod-ssl - acl restriction bypass
2005-09-12 00:00:00
apache - programming error
2005-09-08 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for OSV:DSA-805-1
debian6nessus39openvas43suse4centos3redhat3ubuntu2f54cve4ubuntucve4checkpoint_advisories1httpd4gentoo2debiancve4freebsd2cert1slackware2securityvulns1osv2