httpd: ap_pregsub Integer overflow to buffer overflow

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

[SECURITY] Fedora 15 Update: php-5.3.11-1.fc15

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability

Apache HTTP Server is prone to a cookie information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 'LD_LIBRARY_PATH'不安全库装载任意代码执行漏洞

Bugtraq ID: 53046 CVE ID：CVE-2012-0883 Apache HTTP Server是一款流行的HTTP服务程序 由于不安全处理LDLIBRARYPATH，可导致在当前工作目录中搜索DSO，攻击者可以利用此漏洞以HTTPD服务上下文执行任意代码 0 Apache 2.0.x Apache 2.1.x Apache 2.2.x Apache 2.3.x 厂商解决方案 Apache ----- Apache Software Foundation Apache 2.4.2已经修复此漏洞，建议用户下载使用： http://www.apache.org/...

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

CVE-2012-0883

CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...

CVE-2012-0883

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

Fedora Update for httpd FEDORA-2011-12667

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2011-12667 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Fedora Update for httpd FEDORA-2012-1598

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2012-1598 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

CVE-2012-1181

fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...

CVE-2012-1181

fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...

CVE-2012-1181

fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...

Design/Logic Flaw

fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...

CVE-2012-1181

CVE-2012-1181 affects the Apache mod_fcgid module (version 2.3.6) where fcgid_spawn_ctl.c fails to recognize the FcgidMaxProcessesPerClass directive for a virtual host. This misbehavior can allow remote attackers to trigger a higher-than-intended process count, leading to memory consumption and p...

CVE-2012-1181

fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...

CVE-2012-1181

fcgidspawnctl.c in the modfcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service memory consumption via a series of HTTP requests that triggers a process...

Fedora Update for httpd FEDORA-2012-1642

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2012-1642 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15

The Apache HTTP Server is a powerful, efficient, and extensible web server...

IBM WebSphere Application Server for z/OS JAX-RPC远程安全漏洞

BUGTRAQ ID: 52250 CVE ID: CVE-2012-0199 IBM WebSphere Application Server WAS是由IBM遵照开放标准，例如Java EE, XML 还有Web Services，开发并发行的一种应用服务器。与其兼容的Web服务器包括：Apache HTTP Server，Netscape Enterprise Server，Microsoft Internet Information Services IIS以及IBM HTTP Server。 IBM WebSphere Application Server for...