5747 matches found
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0021
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
Format string
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0021
CVE-2012-0021 affects Apache HTTP Server 2.2.17–2.2.21 when using a threaded MPM. The log_cookie function mishandles a %{}C format string in cookies, enabling a remote attacker to cause a denial of service (daemon crash) by sending a cookie with no name and no value. Connected sources (F5 advisor...
CVE-2012-0053
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
CVE-2012-0021
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
CVE-2012-0788
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service application crash via a crafted application that uses a PDO driver for a fetch and then calls the sessionstart function, as demonstrated by...
[SECURITY] Fedora 16 Update: php-5.3.9-1.fc16
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2012-0031
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service daemon crash during shutdown or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...
Design/Logic Flaw
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service daemon crash during shutdown or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...
Important: Red Hat Security Advisory: mod_cluster-native security update
An updated modcluster-native package that fixes one security issue is now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: mod_cluster-native security update
An update for the Native components for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: mod_cluster-native security update
An updated modcluster-native package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scorin...
Important: Red Hat Security Advisory: mod_cluster-native security update
An update for the modcluster native component for JBoss Enterprise Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: mod_cluster-native security update
Updated modcluster packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
Apache 2.2.x Scoreboard本地安全限制绕过漏洞
BUGTRAQ ID: 51407 CVE ID: CVE-2012-0031 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器,可以在大多数电脑操作系统中运行,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。 Apache HTTP Server中的子进程可以更改scoreboard共享内存段的内存类型记录,这会被利用造成父进程关闭时无效的释放操作,使本地攻击者可绕过某些安全限制。 0 Apache 2.2.x 厂商补丁: Apache Group ------------...
Moderate: Red Hat Security Advisory: php53 and php security update
Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Code injection
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service daemon outage via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the modreqtimeout module in versions before 2.2.15...