PT-2012-2927 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.2 Description: The issue is related to insecure handling of the LD LIBRARY PATH environment variable, which allows a local user to potentially gain privileges by executing a Trojan horse DSO in the...

RedHat Update for httpd RHSA-2012:0323-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2012:0323-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

USN-1368-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. CVE-2011-3607 Prutha Parikh discovered that the modproxy module did not properly intera...

Session fixation

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service application crash via a crafted application that uses a PDO driver for a fetch and then calls the sessionstart function, as demonstrated by...

CVE-2012-0788

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service application crash via a crafted application that uses a PDO driver for a fetch and then calls the sessionstart function, as demonstrated by...

[SECURITY] Fedora 15 Update: php-5.3.10-1.fc15

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

httpd: ap_pregsub Integer overflow to buffer overflow

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

Debian: Security Advisory (DSA-2405-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2405-1 (apache2)

The remote host is missing an update to apache2 announced via advisory DSA 2405-1. OpenVAS Vulnerability Test $Id: deb24051.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2405-1 apache2 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure

The version of Apache HTTP Server running on the remote host has an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This could allow a remote...

Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass

Apache 2.2.15 modproxy - Reverse Proxy Security Bypass source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about runni...

Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass

source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. RewriteRule ^...

Mandriva Linux Security Advisory : apache (MDVSA-2012:012)

Multiple vulnerabilities has been found and corrected in apache ASF HTTPD : The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers...

RedHat Update for php53 RHSA-2012:0092-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Critical: Red Hat Security Advisory: php security update

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

Critical: Red Hat Security Advisory: php53 security update

Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Apache HTTP Server httpOnly Cookie Information Disclosure

The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. Sending a request with HTTP headers long enough to exceed the server limit causes the web server to respond with an HTTP 400. By default, the offending HTTP header and value are...

Apache HTTP Server "httpOnly" Cookie信息泄露漏洞

BUGTRAQ ID: 51706 CVE ID: CVE 2012-0053 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器，可以在大多数计算机操作系统中运行。 Apache HTTP Server在对状态代码400的默认错误响应的实现上存在Cookie信息泄露漏洞，成功利用后可允许攻击者获取敏感信息。 0 Apache HTTP Server 2.2.x 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://httpd.apache.org/...