httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Fedora Update for httpd FEDORA-2014-4555

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2014-4555 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

httpd security update

2.2.15-30.0.1.el65 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-30 - moddav: add security fix for CVE-2013-6438 1078174 - modlogconfig: add security fix for CVE-2014-0098 1078174...

httpd security update

2.2.3-85.0.1.el510 - fix modssl always performing full renegotiation Joe Jin orabug 12423387 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-85 - modlogconfig: add security fix for CVE-2014-0098 1078176 2.2.3-84 - moddav: add security f...

Fedora Update for httpd FEDORA-2014-4555

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 20 : httpd-2.4.9-2.fc20 (2014-4555)

This update contains the latest release of the Apache HTTP Server, version 2.4.9. Numerous bug fixes and minor enhancements are included; for more information see : http://www.apache.org/dist/httpd/CHANGES2.4.9 Note that Tenable Network Security has extracted the preceding description block...

Slackware 14.0 / 14.1 / current : httpd (SSA:2014-086-02)

New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-086-02. The text itself is copyright C...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/httpd-2.4.9-i486-1slack14.1.txz: Upgraded. This update addresses two security issues. Segfaults with truncated cookie logging...

KLA10067 DoS vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Vectors related to modlogconfig can be exploited remotely via a specially designed cookie; 2. An improper...

[ MDVSA-2014:065 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:065 http://www.mandriva.com/en/support/security/ Package : apache Date : March 20, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities has been found and...

CentOS Update for php CESA-2014:0311 centos5

Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2014:0311 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Scientific Linux Security Update : php on SL5.x i386/x86_64 (20140318)

A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with th...

MGASA-2014-0135 Updated apache packages fix security vulnerabilities

Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...

Updated apache packages fix security vulnerabilities

Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...

Critical: Red Hat Security Advisory: php security update

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 and 5.6 Long Life, and Red Hat Enterprise Linux 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability...

Apache Update Resolves Security Vulnerabilities

Apache has released version 2.4.9 of its ubiquitous HTTP web server HTTPD, resolving two security vulnerabilities and a number of other bugs in the process. The Apache Software Foundation is recommending HTTPD 2.4.9 over all previous versions. The first patch fixes CVE-2014-0098. It aims to...

CentOS 5 / 6 : subversion (CESA-2014:0255)

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

FreeBSD : subversion -- mod_dav_svn vulnerability (1839f78c-9f2b-11e3-980f-20cf30e32f6d)

Subversion Project reports : Subversion's moddavsvn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this...