Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update

Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

Apache HTTP Server mod_rpaf Denial of Service (CVE-2012-3526)

A denial of service vulnerability has been reported in Apache's HTTP Server...

Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

CVE-2012-4557

CVE-2012-4557 affects the Apache HTTP Server, specifically the mod_proxy_ajp module in versions 2.2.12–2.2.21. The vulnerability causes a worker node to enter an error state when a long request-processing time is detected, enabling remote attackers to trigger a denial of service via an expensive ...

CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

CVE-2012-4557

The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...

USN-1627-1: Apache HTTP Server vulnerabilities

It was discovered that the modnegotiation module incorrectly handled certain filenames, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin...

Apache HTTP Server 'LD_LIBRARY_PATH'不安全库加载任意代码执行漏洞

BUGTRAQ ID: 53046 CVECAN ID: CVE-2012-0883 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器，可以在大多数计算机操作系统中运行，由于其多平台和安全性被广泛使用，是最流行的Web服务器端软件之一。 Apache HTTP Server 2.4.2之前版本内的envvars 即envvars-std在LDLIBRARYPATH内放置了零长度的目录名称，通过在执行apachectl时在前工作目录内木马DSO，可允许本地用户获取权限。 0 Apache 2.2.x 厂商补丁： Apache Group...

apache22 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp. moderate: XSS in modproxybalancer CVE-2012-4558 A XSS flaw affected the...

Important: Red Hat Security Advisory: openssl security update

An update for the OpenSSL component for JBoss Enterprise Application Platform 6.0.0 for Solaris and Microsoft Windows that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact...

Apache HTTP Server envvars本地权限提升漏洞

CVE ID: CVE-2012-0883 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器，可以在大多数计算机操作系统中运行，由于其多平台和安全性被广泛使用，是最流行的Web服务器端软件之一。 Apache HTTP Server 2.4.2之前版本的envvars 即envvars-std在LDLIBRARYPATH中放置了零长度的目录名称，可允许本地用户在执行apachectl过程中通过当前工作目录中的木马DSO获取权限。 0 Apache Group HTTP Server 2.4.2 厂商补丁： Apache Group...

CVE-2012-4360

Cross-site scripting XSS vulnerability in the modpagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-4001

The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...

Cross site scripting

Cross-site scripting XSS vulnerability in the modpagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Code injection

The modpagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers...

CVE-2012-4360

CVE-2012-4360 is a cross-site scripting flaw in the mod_pagespeed Apache module (versions 0.10.19.1–0.10.22.4) that allowed remote attackers to inject arbitrary script via unspecified vectors. The issue affects Apache HTTP Server deployments using mod_pagespeed and could enable execution of JavaS...

CVE-2012-4360

Cross-site scripting XSS vulnerability in the modpagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...