weborf 0.12.2 - Directory Traversal

weborf 0.12.2 - Directory Traversal Title: Weborf httpd = 0.12.2 Directory Traversal Vulnerability Date: Sep 6, 2010 Author: Rew Link: http://galileo.dmi.unict.it/wiki/weborf/doku.php Version: 0.12.2 Tested On: Debian 5 CVE: N/A ============================================================= Weborf...

RHEL 5 : httpd (RHSA-2010:0659)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0659 advisory. The Apache HTTP Server is a popular web server. A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the...

httpd security and bug fix update

2.2.3-43.0.1.el55.3 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-43.3 - modssl: improved fix for SSLRequire's OID function 625452 2.2.3-43.2 - add security fixes for CVE-2010-1452, CVE-2010-2791 623210 - moddeflate: rebase to 2.2.15...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2010-240-02)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-240-02. The text itse...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/httpd-2.2.16-i486-1slack13.1.txz: Upgraded. Fix Handling of requests without a path segment. For more...

Fedora Update for httpd FEDORA-2010-12478

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for httpd FEDORA-2010-12478

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2010-12478 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Fedora 13 : httpd-2.2.16-1.fc13 (2010-12478)

This update contains the latest stable release of the Apache HTTP Server. One security fix is included: CVE-2010-1452: moddav, modcache: Fix Handling of requests without a path segment. Several bugs are also fixed: http://www.apache.org/dist/httpd/CHANGES2.2.16 Note that Tenable Network Security...

httpd scoreboard lack of PID protection

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...

httpd mod_cache segfault

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in modproxyhttp in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...

Fedora 12 : httpd-2.2.15-1.fc12.2 (2010-6055)

The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server 'httpd'. This version is principally a security and bugfix release. This release fixes two minor security issues and includes a number of bug fixes. See the upstream changes file for furthe...

Fedora 11 : httpd-2.2.14-1.fc11 (2009-12747)

This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could u...

[advisory] httpd Timeout detection flaw &#40;mod_proxy_http&#41; CVE-2010-2068

Vulnerability; httpd Timeout detection flaw modproxyhttp CVE-2010-2068 Classification; important Description; A timeout detection flaw in the httpd modproxyhttp module causes proxied response to be sent as the response to a different request, and potentially served to a different client, from the...

Motorola SB5101 Hax0rware Rajko HTTPd Remote Proof Of Concept

!/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32 and R39 Description: Motorola SB5101 Hax0rware Rajko HttpD Remote...

Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)

An information disclosure flaw was found in modproxyhttp in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service (PoC)

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service PoC !/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32...

Motorola SB5101 Hax0rware Rajko HTTPd - Remote Denial of Service (PoC)

!/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC Author: Dillon Beresford Date: 6/6/2010 Vendor: SBHacker & Motorola Software Link: http://www.sbhacker.net/forum/index.php Tested on Hax0rware 1.1 R30, R32 and R39 Description: Motorola SB5101 Hax0rware Rajko HttpD Remote...

Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC

Exploit for hardware platform in category dos / poc ======================================================== Motorola SB5101 Hax0rware Rajko HTTPD Remote Exploit PoC ======================================================== !/usr/bin/perl Motorola SB5101 Hax0rware Rajko HttpD Remote Exploit PoC...