Apache HTTP Server 2.4.6, 2.4.7, 2.4.9 Vulnerability

Binary data 700213.prm...

Apache HTTP Server 2.4.6 'mod_cache' NULL Pointer Dereference

Binary data 8342.prm...

[USN-2299-1] Apache HTTP Server vulnerabilities

========================================================================== Ubuntu Security Notice USN-2299-1 July 23, 2014 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[SECURITY] Fedora 20 Update: httpd-2.4.10-1.fc20

The Apache HTTP Server is a powerful, efficient, and extensible web server...

[SECURITY] [DSA 2989-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2989-1 [email protected] http://www.debian.org/security/ Stefan Fritsch July 24, 2014 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2989-1 (apache2 - security update)

Several security issues were found in the Apache HTTP server. CVE-2014-0118 The DEFLATE input filter inflates request bodies in moddeflate allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size. CVE-2014-0226 A ra...

DSA-2989-1 apache2 - security update

Bulletin has no description...

Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2299-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2299-1 advisory. Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to st...

RHEL 5 / 6 : httpd (RHSA-2014:0920)

Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

Oracle Linux 7 : httpd (ELSA-2014-0921)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0921 advisory. - modcgid: add security fix for CVE-2014-0231 1120607 - modproxy: add security fix for CVE-2014-0117 1120607 - moddeflate: add security fix for...

CentOS 5 / 6 : httpd (CESA-2014:0920)

Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

CentOS 7 : httpd (CESA-2014:0921)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

USN-2299-1: Apache HTTP Server vulnerabilities

Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0117 Giancarlo Pellegrino and Davide Balzarot...

[DLA-0018-1] php5 security update

Package : php5 Version : 5.3.3-7+squeeze20 CVE ID : CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721 CVE-2014-3515: fix unserialize SPL ArrayObject / SPLObjectStorage Type Confusion CVE-2014-0207: fileinfo: cdfreadshortsector insufficient boundary check CVE-2014-3480: fileinfo: cdfcountcha...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2014:0921 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

httpd: mod_cache NULL pointer dereference crash

A NULL pointer dereference flaw was found in the modcache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...

CVE-2014-3523

Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...

CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...