SUSE SLED10 Security Update : subversion (SUSE-SU-2013:0837-1)

This update fixes several DoS vulnerabilities in subversion's moddavsvn Apache HTTPD server module. CVE-2013-1849, CVE-2013-1846, CVE-2013-1845 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

Monkey HTTPD Server Denial of Service - Ver2 (CVE-2013-3724)

A denial of service vulnerability has been reported in Monkey HTTPD Server. The vulnerability is due to improper bounds checking while parsing headers. A remote attacker can exploit this vulnerability by sending a malicious request to the target server. Successful exploitation of this vulnerabili...

openSUSE Security Update : php5 (openSUSE-2015-352)

PHP was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 apache2handler, allow arbitrary code execution bnc928506 - CVE-2015-3329: Specially crafted PHAR data could lead to...

Security update for php5 (important)

PHP was updated to fix three security issues. The following vulnerabilities were fixed: CVE-2015-3330: Specially crafted PHAR files could, when executed under Apache httpd 2.4 apache2handler, allow arbitrary code execution bnc928506 CVE-2015-3329: Specially crafted PHAR data could lead to...

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.40-i486-1slack14.1.txz: Upgraded. This update fixes some security issues. Please note that this package build also moves t...

[slackware-security] httpd

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/httpd-2.4.12-i486-1slack14.1.txz: Upgraded. This update fixes the following security issues: CVE-2014-3583...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2015-111-03)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-111-03. The text itse...

Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

Mandriva Linux Security Advisory : apache (MDVSA-2015:093)

Updated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098. A race condition flaw...

Fedora 21 : dokuwiki-0-0.24.20140929c.fc21 (2015-3186)

This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...

Fedora 22 : dokuwiki-0-0.24.20140929c.fc22 (2015-3079)

This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...

Fedora 20 : dokuwiki-0-0.24.20140929c.fc20 (2015-3211)

This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...

Ultra Mini HTTPD Resource Name Request Handling Stack Buffer Overflow - Ver2 (CVE-2013-5019)

A buffer overflow vulnerability has been reported in Vector Ultra Mini HTTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

CentOS 7 : httpd (CESA-2015:0325)

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

CentOS 7 : ipa (CESA-2015:0442)

Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2015:0325 Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System...

Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

Fedora Update for httpd FEDORA-2014-17195

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...