5781 matches found
Denial Of Service
The httpd package is susceptible to a denial of service. The vulnerability is possible due to a NULL pointer dereference flaw in the mod_cache httpd module. A malicious HTTP server can cause the httpd child process to crash when the Apache HTTP Server is used as a forward proxy with caching...
Remote Code Execution (RCE)
httpd is vulnerable to remote code execution (RCE). mod_rewrite.c in the mod_rewrite module does not sanitize non-printable characters before writing to a log file, allowing a remote attacker to inject escape sequences for a terminal emulator into the log file via an HTTP request, resulting in...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. Whitespace characters from CDATA sections are not properly removed in the dav_xml_get_cdata function in main/util.c, which would allow remote attackers to crash the daemon via a malicious DAV WRITE request...
Cross-site Scripting (XSS)
httpd is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via hostnames and URIs in the mod_imagemap, mod_info, mod_ldap, mod_proxy_ftp and mod_status modules...
Denial Of Service (DoS)
Subversion (SVN) is vulnerable to denial of service. The mod_dav_svn module does not properly handle large numbers of properties such as those set with svn propset. This allows a remote attacker to cause the httpd process to consume an excessive amount of resources, potentially leading to a crash...
Fedora 28 : httpd (2018-49d3b42425)
This update includes the latest upstream release, httpd 2.4.34, with multiple bug fixes and enhancements. See http://www.apache.org/dist/httpd/CHANGES_2.4.34 for more information on the changes in this version. A security vulnerability is addressed in this update: - mod_md: DoS via Coredumps on...
Fedora 28 : mod_perl (2018-0ddef94854)
This release fixes the CVE-2011-2767 vulnerability (arbitrary Perl code execution in the context of the httpd server) by disabling Perl sections in non-server-level configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Fedora 29 : mod_perl (2018-f6a5b71464)
This release fixes the CVE-2011-2767 vulnerability (arbitrary Perl code execution in the context of the httpd server) by disabling Perl sections in non-server-level configuration. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Apache Httpd < 2.4.38 : mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can only be triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or...
Apache2 mod_http2 header Denial of Service Vulnerability
This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP2 headers. A crafted HTTP2 request can trigger a...
[slackware-security] php
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: Several security bugs have been fixed in this release: Segfault when using convert.quoted-printable-encode filter. Null pointer dereference i...
SUSE SLES11 Security Update : apache2-mod_jk (SUSE-SU-2018:3970-1)
This update for apache2-mod_jk fixes the following issues. Security issues fixed: CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in httpd (bsc#1114612). CVE-2014-8111: Apache Tomcat Connectors (mod_jk) ignored JkUnmount rules for subtrees of previous JkMount rules, whic...
RHEL 6 : openshift-origin-broker (RHSA-2014:0422)
Updated openshift-origin-broker and rubygem-openshift-origin-auth-remote-user packages that fix one security issue are now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring...
RHEL 6 : openshift-origin-broker (RHSA-2014:0423)
Updated openshift-origin-broker and rubygem-openshift-origin-auth-remote-user packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.0.5. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring...
Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2478)
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-1721)
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-2972)
An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Security Bulletin: Multiple vulnerabilities in Apache Tomcat, Open SSL, and Apache HTTPD affects Rational Build Forge
Summary: Apache Tomcat, Open SSL, and Apache Tomcat have multiple security vulnerabilities that could allow a remote attacker to exploit the Rational Build Forge application. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details: This section...
httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
Tenda AC Series Router Buffer Overflow Vulnerability (CNVD-2019-09140)
The AC series is a router product line launched by Tenda. A buffer overflow vulnerability exists in the web server (httpd) of Tenda AC Series routers, which can be exploited by an attacker to cause a denial of service...