Apache HTTP Server vulnerable to DoS race condition in the handling of short-lived connections

Overview A race condition exists in Apache 2 HTTP Server that may cause a denial-of-service condition on some platforms. Description Apache HTTP Server versions 2.0.48 and prior contain a race condition in the handling of short-lived connections. According to the Apache anouncement, when using...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages are now available that fix a denial of service vulnerability in modssl and include various other bug fixes. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A memory leak in modssl in the Apache HTTP Server prior to version...

Important: Red Hat Security Advisory: apache, openssl security update for Stronghold

Updated versions of Stronghold 4 cross-platform are available that fix security issues affecting OpenSSL and the Apache HTTP Server. A number of bug fixes are also included. Stronghold 4 contains a number of open source technologies, including OpenSSL 0.9.6 and the Apache HTTP Server. Testing...

Apache mod_alias vulnerable to buffer overflow via crafted regular expression

Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...

Low: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 3. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration...

CVE-2003-1307

The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...

CVE-2003-1418

Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via 1 the ETag header, which reveals the inode number, or 2 multipart MIME boundary, which reveals child process IDs PID...

CVE-2003-1307

The modphp module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: th...

Low: Red Hat Security Advisory: : Updated apache packages fix minor security vulnerability

Updated Apache packages that fix a minor security issue are now available for Red Hat Linux 7.1, 7.2, and 7.3. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered i...

Moderate: Red Hat Security Advisory: : Updated httpd packages fix Apache security vulnerabilities

Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Linux 8.0 and 9. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration fil...

Low: Red Hat Security Advisory: apache security update

Updated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in...

Apache: buffer overflows and a possible information disclosure

Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple stack-based buffer overflows in modalias and modrewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute...

Apache: multiple buffer overflows

Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Multiple stack-based buffer overflows in modalias and modrewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute...

Moderate: Red Hat Security Advisory: apache security update

Updated Apache and modssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in modssl which can...

Moderate: Red Hat Security Advisory: : Updated Apache and mod_ssl packages fix security vulnerabilities

Updated Apache and modssl packages that fix several minor security issues are now available for Red Hat Linux 7.1, 7.2, and 7.3. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in modssl whi...

Apache stops writing access/error logs after processing "Request-URI" containing "0x1A" characters

Overview A vulnerability in the logging of URI requests may permit a remote attacker to disable logging on an Apache HTTP Server. Version 1.3.27 on Windows systems is reported vulnerable to this issue. Description Apache HTTP Server 1.3.27 running on Win32 systems contains a vulnerability that...

[SNS Advisory No.66] Apache HTTP Server v2 Causes a DoS When Parsing a Type-Map File

---------------------------------------------------------------------- SNS Advisory No.66 Apache HTTP Server v2 Causes a DoS When Parsing a Type-Map File Problem first discovered on: Thu, 26 Dec 2002 Published on: Wed, 09 Jul 2003 Reference: http://www.lac.co.jp/security/english/snsadve/66e.html...

[ANNOUNCE][SECURITY] Apache 2.0.47 released

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache 2.0.47 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the tenth public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.47 as compared to 2.0.46...

Apache Portable Runtime contains heap buffer overflow in apr_psprintf()

Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks against an affected server. Description The Apache HTTP server contains a heap buffer overflow vulnerability in the aprpsprintf function. The Apache Softwar...

Apache HTTPD contains denial of service vulnerability in basic authentication module

Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...