Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)

A security bypass vulnerability has been reported in Apache HTTP Server...

httpd security update

2.2.3-63.0.1.el58.1 - Fix modssl always performing full renegotiation orabug 12423387 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-63.1 - add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 787596 - remove patch for...

RedHat Update for httpd RHSA-2012:0323-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2012:0323-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

RedHat Update for httpd RHSA-2012:0323-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RHEL 5 : httpd (RHSA-2012:0323)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0323 advisory. - httpd: appregsub Integer overflow to buffer overflow CVE-2011-3607 - httpd: http 0.9 request bypass of the reverse proxy vulnerability...

httpd: ap_pregsub Integer overflow to buffer overflow

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

Medium: httpd

Issue Overview: It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a...

CentOS 6 : httpd (CESA-2012:0128)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

RHEL 6 : httpd (RHSA-2012:0128)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0128 advisory. The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 released via RHSA-2011:1391 did not...

Apache Httpd < 2.2.23 : insecure LD_LIBRARY_PATH handling

Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...

Apache Httpd < 2.4.2 : insecure LD_LIBRARY_PATH handling

Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...

httpd security update

2.2.15-15.0.1.el62.1 - replace index.html with Oracle's index page oracleindex.html update vstring in specfile 2.2.15-15.1 - add security fixes for CVE-2011-4317, CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 787598 - obviates fix for CVE-2011-3638, patch removed...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

[slackware-security] php

New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/php-5.3.10-i486-1slack13.37.txz: Upgraded. Fixed arbitrary remote code execution vulnerability reported ...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/apr-util-1.4.1-i486-1slack13.37.txz:...

Debian DSA-2405-1 : apache2 - multiple issues

Several vulnerabilities have been found in the Apache HTTPD Server : - CVE-2011-3607 : An integer overflow in appregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. - CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 : The Apache HTTP Server di...

[SECURITY] [DSA 2405-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2405-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2405-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2405-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq -...

DSA-2405-1 apache2 - multiple issues

Bulletin has no description...

RedHat Update for php53 RHSA-2012:0092-01

Check for the Version of php53 OpenVAS Vulnerability Test RedHat Update for php53 RHSA-2012:0092-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...