MiracleLinux 3 : httpd-2.2.3-76.0.1.AXS3 (AXSA:2013-45:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-45:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2008-0455 Cross-site scriptin...

MiracleLinux 4 : httpd-2.2.15-26.0.1.AXS4 (AXSA:2013-123:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-123:02 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2008-0455 Cross-site scripti...

K15901: Apache HTTP server vulnerability CVE-2012-2687

Security Advisory Description Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web scri...

Apache HTTP Server XSS Vulnerability (Sep 2012) - Linux

Apache HTTP Server is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fre...

SUSE: Security Advisory (SUSE-SU-2013:0830-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2013:0469-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2013:0387-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary File Upload

The httpd packages contain the Apache HTTP Server httpd, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the modnegotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews...

Oracle: Security Advisory (ELSA-2013-0512)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)

The remote host is running a version of NSM Network and Security Manager Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A...

SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0387-1)

This update fixes the following security issues with apache2 httpd : - Improper LDLIBRARYPATH handling CVE-2012-0883 - Filename escaping problem CVE-2012-2687 Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. Note that Tenable Network Security has...

openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)

This apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNIignorecase.diff -...

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL15901)

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

SOL15901 - Apache HTTP server vulnerability CVE-2012-2687

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1)

ignore case when checking against SNI server names. bnc798733 httpd-2.2.x-bnc798733-SNIignorecase.diff - better cleanup of busy count after recovering from failure bnc789828 httpd-2.2.x-bnc789828-modbalancer.diff - httpd-2.2.x-bnc788121-CVE-2012-4557-modproxyajptimeout.diff: backend timeouts...

openSUSE Security Update : apache2 (openSUSE-SU-2013:0245-1)

httpd-2.2.x-bnc798733-SNIignorecase.diff: ignore case when checking against SNI server names. bnc798733 - httpd-2.2.x-bnc777260-CVE-2012-2687-modnegotiationfilenamexss.diff Escape filename for the case that uploads are allowed with untrusted user's control over filenames and modnegotiation...

openSUSE Security Update : apache2 (openSUSE-SU-2013:0629-1)

apache2 was updated to fix : - fix for cross site scripting vulnerability in modbalancer. This is CVE-2012-4558 bnc807152 - fixes for low profile cross site scripting vulnerabilities, known as CVE-2012-3499 bnc806458 - Escape filename for the case that uploads are allowed with untrusted user's...

Oracle Linux 5 : httpd (ELSA-2013-0130)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0130 advisory. - add security fix for CVE-2008-0456 - add security fix for CVE-2012-2687 850794 Tenable has extracted the preceding description block directly from th...

Oracle Linux 6 : httpd (ELSA-2013-0512)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0512 advisory. - add security fix for CVE-2012-2687 850794 - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 787599 Tenable has...

Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1

April 14, 2013 Aleksey Avdeev 2.2.24-alt1 - 2.2.24 - Security fixes CVE-2012-3499, CVE-2012-4558, CVE-2012-0883, CVE-2012-2687...