mod_jk: connector path traversal due to mishandled HTTP requests in httpd
The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...
httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security issues. A bugfix release for -current is also available. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.40-i586-1slack14.2.txz: Upgraded. Several security bugs have been fixed in this...
Photon OS 1.0: Httpd PHSA-2017-0013
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0013. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Httpd PHSA-2017-0027
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0027. The text itself is copyright (C) VMware, Inc. ...
Photon OS 2.0: Httpd PHSA-2018-2.0-0089
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0089. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Httpd PHSA-2018-1.0-0181
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0181. The text itself is copyright (C) VMware, Inc. ...
Photon OS 2.0: Httpd PHSA-2018-2.0-0039
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0039. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Httpd PHSA-2018-1.0-0126
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text itself is copyright (C) VMware, Inc. ...
Photon OS 1.0: Httpd PHSA-2019-1.0-0203
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text itself is copyright (C) VMware, Inc. ...
Design/Logic Flaw
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...
CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...
DEBIAN-CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...
CVE-2018-11803
CVE-2018-11803 affects Subversion’s mod_dav_svn Apache HTTPD module, specifically versions 1.11.0 and 1.10.0 through 1.10.3, where dereferencing an uninitialized pointer when the client omits the root path during a recursive directory listing can crash the server. The vulnerability is documented ...
Apache Httpd < 2.4.39 : mod_http2, read-after-free on a string compare
Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...
Apache Httpd < 2.4.39 : mod_http2, possible crash on late upgrade
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for...