5781 matches found
DEBIAN-CVE-2014-9743
Cross-site scripting (XSS) vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...
mod_dav_svn, subversion security update
CentOS Errata and Security Advisory CESA-2015:1633 Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
CVE-2014-9743
Cross-site scripting (XSS) vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...
Medium: httpd24
Issue Overview: It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Medium: httpd
Issue Overview: Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly...
Debian DSA-3331-1 : subversion - security update
Several security issues have been found in the server components of the version control system subversion. - CVE-2015-3184 Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that...
CVE-2015-3184
CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...
[SECURITY] [DSA 3331-1] subversion security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3331-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 10, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3331-1 (subversion - security update)
Several security issues have been found in the server components of the version control system subversion. CVE-2015-3184 Subversion OpenVAS Vulnerability Test $Id: deb3331.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3331-1 using nvtgen 1.0 Script version: 1.0 Author...
FreeBSD : subversion -- multiple vulnerabilities (57bb5e3d-3c4f-11e5-a4d4-001e8c75030d)
Subversion reports : CVE-2015-3184 : Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. CVE-2015-3187 : Subversion servers, both httpd and svnserve, will reveal some paths that should be hidden by...
Linksys WRT54G router overflow vulnerability analysis - operating environment remediation - vulnerability warning - the black bar safety net
This is an excerpt from the secret home router 0day vulnerability Mining Technology, edited by Wu Shaohua with Wang Wei and Zhao Xu, published by the Publishing House of Electronics Industry in August 2015. The experimental test environment for this chapter is described in Table 13-1. Table 13-1 The...
UBUNTU-CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name...
Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20150722)
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
[SECURITY] [DSA 3325-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3325-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 01, 2015 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3325-1 (apache2 - security update)
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacki...
DSA-3325-1 apache2 - security update
Bulletin has no description...
Fedora Update for httpd FEDORA-2015-11792
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 21 : httpd-2.4.16-1.fc21 (2015-11792)
Update to new version 2.4.16. This update fixed various bugs as well as a few security issues. For full changelog, see http://www.apache.org/dist/httpd/CHANGES_2.4.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
CentOS 6 : httpd (CESA-2015:1249)
Updated httpd packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...