RedHat Update for httpd RHSA-2015:1667-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for httpd RHSA-2015:1668-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20150824)

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

RHEL 7 : httpd (RHSA-2015:1667)

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for ea...

RHEL 6 : httpd (RHSA-2015:1668)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1668 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parse...

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20150824)

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

Oracle Linux 6 : httpd (ELSA-2015-1668)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1668 advisory. - fix regressions caused by fix for CVE-2015-3183 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

Oracle Linux 7 : httpd (ELSA-2015-1667)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1667 advisory. - core: fix chunk header parsing defect CVE-2015-3183 Tenable has extracted the preceding description block directly from the Oracle Linux security...

httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path

A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error...

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

httpd security update

2.4.6-31.0.1.el71.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-31.1 - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of apsomeauthrequired with apsomeauthnrequired and apforceauthn hook CVE-2015-3185...

httpd security update

2.2.15-47.0.1 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-47 - fix regressions caused by fix for CVE-2015-3183 2.2.15-46 - core: fix chunk header parsing defect CVE-2015-3183...

VideoLAN VLC Media Player Cross-Site Scripting Vulnerability

VideoLAN VLC Media Player is a free, open source cross-platform multimedia player also a multimedia framework developed by the French organization VideoLAN. The product supports playback of a variety of media files, CD-ROMs, etc., a variety of audio and video formats WMV, MP3, etc., and so on. A...

DSA-3325-2 apache2 - regression update

Bulletin has no description...

Amazon Linux AMI : httpd24 (ALAS-2015-579)

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. CVE-2015-3185...

Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817)

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...

Amazon Linux AMI : httpd (ALAS-2015-578)

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

CentOS 6 : subversion (CESA-2015:1633)

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

Cross site scripting

Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...