Oracle Linux 7 : httpd (ELSA-2015-0325)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0325 advisory. - core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-35...

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

httpd security, bug fix, and enhancement update

2.4.6-31.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-31 - modproxyfcgi: determine if FCGICONNCLOSE should be enabled instead of hardcoding it 1168050 - modproxy: support Unix Domain Sockets 1168081 2.4.6-30 - core: fix bypassing of modheaders rules via chunked request...

RedHat Update for httpd RHSA-2015:0325-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

RHEL 7 : httpd (RHSA-2015:0325)

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Fedora 20 : httpd-2.4.10-2.fc20 (2014-17153)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

Fedora Update for httpd FEDORA-2014-17153

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mod-gnutls 'gnutls_hooks.c' security bypass vulnerability

modgnutls is an extension to the GnuTLS library used by Apache for httpd to provide HTTPS. A security bypass vulnerability exists in mod-gnutls 'gnutlshooks.c' that allows attackers to bypass certain security restrictions and perform unauthorized operations...

Amazon Linux AMI : httpd24 (ALAS-2015-483)

modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access...

mini-httpd Information Disclosure Vulnerability

mini-httpd is a small HTTP server developed by ACME Labs that supports basic authentication, common MIME types and directory listings. A security vulnerability exists in minihttpd version 1.21 and earlier. A remote attacker can exploit this vulnerability by sending HTTP requests with extra-long...

Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150210)

A NULL pointer dereference flaw was found in the way the moddavsvn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash moddavsvn. CVE-2014-3580 It was discovered that Subversion clients retrieved cached authentication credential...

Scientific Linux Security Update : subversion on SL7.x x86_64 (20150210)

A NULL pointer dereference flaw was found in the way the moddavsvn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash moddavsvn. CVE-2014-3580 A NULL pointer dereference flaw was found in the way the moddavsvn module handled...

RedHat Update for subversion RHSA-2015:0165-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 6 : subversion (RHSA-2015:0165)

Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available f...

CentOS 6 : subversion (CESA-2015:0165)

Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available f...

DEBIAN-CVE-2015-1548

minihttpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read...

PT-2015-5344 · Acme +1 · Mini Httpd +1

Name of the Vulnerable Software and Affected Versions: mini httpd versions 1.21 and earlier Description: The issue allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string. This occurs because the long protocol string triggers an...

CVE-2015-1444

Multiple cross-site scripting XSS vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the 1 conntrack.cgi, 2 index.cgi, 3 logsyslog.cgi, 4 problems.cgi, 5...

CVE-2015-1444

The CVE-2015-1444 entry describes multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend (httpd) of fli4l. Affected are versions before 3.10.1 and 4.0 before 2015-01-30, where the following admin scripts are vulnerable: conntrack.cgi, index.cgi, log_syslog.cgi, pro...