MiracleLinux 3 : httpd-2.2.3-76.0.1.AXS3 (AXSA:2013-45:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-45:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2008-0455 Cross-site scriptin...

K17189: Apache HTTP server vulnerability CVE-2008-0456

Security Advisory Description CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP...

Arbitrary File Upload

The httpd packages contain the Apache HTTP Server httpd, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...

SOL17189 - Apache HTTP server vulnerability CVE-2008-0456

Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can...

Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)

The remote host is running a version of NSM Network and Security Manager Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A...

Oracle Linux 5 : httpd (ELSA-2013-0130)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0130 advisory. - add security fix for CVE-2008-0456 - add security fix for CVE-2012-2687 850794 Tenable has extracted the preceding description block directly from th...

httpd security, bug fix, and enhancement update

2.2.3-74.0.1.el5 - fix modssl always performing full renegotiation Joe Jin orabug 12423387 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-74 - further %post scriptlet fix 752618, 867736 2.2.3-73 - fix %post scriptlet output 752618,...

RedHat Update for httpd RHSA-2013:0130-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected", value:"htt...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2013:0130 Updated httpd packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common...

Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities

According to its banner, the version of Apache running on the remote host does not properly escape filenames in 406 responses. A remote attacker can exploit this to inject arbitrary HTTP headers or conduct cross-site scripting attacks by uploading a file with a specially crafted name. Note that t...

Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002

The remote host is missing Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002. One or more of the following components are affected: Apache ATS BIND CFNetwork CoreGraphics Cscope CUPS Disk Images enscript Flash Player plug-in Help Viewer iChat International Components for Unicode IPSec...

About the security content of Security Update 2009-002 / Mac OS X v10.5.7

About the security content of Security Update 2009-002 / Mac OS X v10.5.7 Last Modified: May 12, 2009 Article: HT3549 Summary This document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from...

Gentoo Security Advisory GLSA 200803-19 (apache)

The remote host is missing updates announced in advisory GLSA 200803-19. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVE-2008-0456

CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

CVE-2008-0456

CRLF injection vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP respons...

BELL-CVE-2008-0456 CVE-2008-0456 does not affect BellSoft software

Bulletin has no description...

CVE-2008-0456

CVE-2008-0456 : CRLF injection in the mod_negotiation module of Apache HTTP Server (versions 2.2.x up to 2.2.6, 2.0.x up to 2.0.61, and 1.3.x up to 1.3.39) allows remote authenticated users to upload a file with a multi-line name containing HTTP header sequences, enabling injection into HTTP resp...