apache security update

CentOS Errata and Security Advisory CESA-2008:0004-01 Updated apache packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popul...

SecurityReason - Apache (mod_status) Refresh Header - Open Redirector (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason - Apache modstatus Refresh Header - Open Redirector XSS Author: sp3x Date: - - Written: 15.12.2007 - - Public: 15.01.2008 SecurityReason Research SecurityAlert Id: 50 CVE: CVE-2007-6388 SecurityRisk: Low Affected Software: Apache 2.2.x...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0006 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0005 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimagemap...

httpd: mod_imagemap XSS

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct security issues are now available for Red Hat Application Stack v1 This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimagemap...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

RHEL 3 : httpd (RHSA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

Apache 'mod_proxy_balancer'存在多个漏洞

BUGTRAQ ID: 27236 CVE ID:CVE-2007-6420 CVE-2007-6421 CVE-2007-6422 CVE-2007-6423 CNCVE ID:CNCVE-20076420 CNCVE-20076421 CNCVE-20076422 CNCVE-20076423 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxybalancer模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本，CSRF，拒绝服务等攻击。 1，由于所有行为通过GET访问执行，存在“CSRF”攻击。...

Apache HTTP Server 2.2.6, 2.0.61和1.3.39 'mod_status'跨站脚本漏洞

BUGTRAQ ID: 27237 CVE ID:CVE-2007-6388 CNCVE ID:CNCVE-20076388 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modstatus模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 server-status页默认不启用。目前没有详细漏洞细节提供。 Posadis Posadis 1.3.31 Posadis Posadis 1.3.28 Apache Software Foundation Apache 2.2.6 Apac...

Apache 'mod_proxy_ftp'未定义字符集UTF-7跨站脚本漏洞

BUGTRAQ ID: 27234 CVE ID:CVE-2008-0005 CNCVE ID:CNCVE-20080005 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的modproxyftp模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 modproxyftp.c存在跨站脚本问题，字符集没有定义，我们可以通过设置字符集未UTF-7，在URL中使用";"字符进行跨站脚本攻击。 Apache Software Foundation Apache 2.2.6 Apache...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

Memory corruption

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...

CVE-2007-6420

Cross-site request forgery CSRF vulnerability in the balancer-manager in modproxybalancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors...

CVE-2007-6423

The CVE-2007-6423 issue concerns Apache HTTP Server 2.2.x on Windows, where mod_proxy_balancer could trigger memory corruption through a long URL. The Red Hat advisory notes the vulnerability as unspecified and unreproducible by the vendor, while Red Hat indicates that Apache 2.2.7-dev contains a...

CVE-2007-6423

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...

CVE-2007-6423

Unspecified vulnerability in modproxybalancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue...