RHEL 6 / 7 : php (RHSA-2014:1767)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1767 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif...

RHEL 5 : php53 (RHSA-2014:1768)

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

Important: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Important: Red Hat Security Advisory: php53 security update

Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

CentOS 6 / 7 : openssl (CESA-2014:1652)

Updated OpenSSL packages that contain a backported patch to mitigate the CVE-2014-3566 issue known as SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability POODLE, and fixed two security issues that are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has...

Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64 (20140930)

It was found that the fix for CVE-2012-1571 was incomplete; the File Information fileinfo extension did not correctly parse certain Composite Document Format CDF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. CVE-2014-3587 ...

Amazon Linux AMI : httpd (ALAS-2011-9)

It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connec...

Amazon Linux AMI : httpd (ALAS-2014-331)

It was found that the moddav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the moddav module for example when using the moddavsvn module, a remote attacker could send a specially crafted DAV request that would...

Amazon Linux AMI : httpd (ALAS-2014-388)

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

RedHat Update for php53 and php RHSA-2014:1326-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 5 / 6 : php / php53 (CESA-2014:1326)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

Moderate: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for...

Moderate: Red Hat Security Advisory: php53 and php security update

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

RHEL 5 / 6 : php53 and php (RHSA-2014:1326)

Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...

Apache Httpd < 2.4.12 : mod_proxy_fcgi out-of-bounds memory read

An out-of-bounds memory read was found in modproxyfcgi. A malicious FastCGI server could send a carefully crafted response which could lead to a crash when reading past the end of a heap memory or stack buffer. This issue affects version 2.4.10 only...

Apache Httpd < 2.4.12 : mod_cache crash with empty Content-Type header

A NULL pointer deference was found in modcache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. This crash would only be a denial of service if using a threaded MPM...

httpd: mod_deflate denial of service

A denial of service flaw was found in the way httpd's moddeflate module handled request body decompression configured via the "DEFLATE" input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and C...

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

httpd: mod_status heap-based buffer overflow

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

httpd: mod_deflate denial of service

A denial of service flaw was found in the way httpd's moddeflate module handled request body decompression configured via the "DEFLATE" input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and C...