httpd security and enhancement update

2.2.3-31.0.1.el54.4 - Replace index.html with Oracle's index page oracleindex.html - Update vstring and distro in specfile 2.2.3-31.4 - require and BR a version of OpenSSL with the secure reneg API 567980 2.2.3-31.3 - modssl: add SSLInsecureRenegotiation 567980 - add security fixes for...

[CORELAN-10-015] - Remote Help 0.0.7 Httpd DoS (Format String)

|------------------------------------------------------------------| | | | / / / / | | / / / / / / / / / / / | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | | [email protected] | | |...

Remote Help Detection

The remote host is running Remote Help, a web server for Windows that can be used to control the host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid45139; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Remote Help Detection";...

Apache mod_isapi module library unload results in orphaned callback pointers

Overview The Apache modisapi module can be forced to unload a specific library before the processing of a request is complete, resulting in memory corruption. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP server running on Windows platforms...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. modssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. modproxyajp: Respond with HTTPBADREQUEST when the body is not sent...

Apache HTTPD information leak

Under some conditions it's possible to access memory with data related to prvious requests...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. modssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. modproxyajp: Respond with HTTPBADREQUEST when the body is not sent...

Apache Httpd < 2.2.17 : apr_bridage_split_line DoS

A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...

Apache Httpd < 2.0.64 : apr_bridage_split_line DoS

A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...

Fedora Update for httpd FEDORA-2009-12747

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2009-12747 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

Fedora Update for httpd FEDORA-2009-12747

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Apache HTTPD Ranges Header Field Denial of Service - ver 2 (CVE-2011-3192)

A denial of service vulnerability has been reported in Apache httpd server. A remote attacker may exploit this vulnerability to cause a DoS condition in an affected server. The vulnerability is due to an error in Apache's http server while handling requests with malformed Range header values. A...

Joomla! Plugin Core Design Scriptegrator - Local File Inclusion

Joomla! Plugin Core Design Scriptegrator - Local File Inclusion Exploit Title: Core Design Scriptegrator plugin for Joomla! 1.5 file inclusion Author: S2 Crew Hungary Tested on: Debian Linux, Apache, Joomla! 1.5 Code: There's a file called jsloader.php which takes an array of file names from the...

Apache Httpd < 2.0.64 : mod_isapi module unload flaw

A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...

Apache Httpd < 2.2.15 : mod_isapi module unload flaw

A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...

Apache Httpd < 2.2.15 : mod_proxy_ajp DoS

modproxyajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service...

Caedo HTTPd Server v 0.5.1 ALPHA Remote File Download

Exploit for windows platform in category remote exploits !/usr/bin/perl use LWP::Simple; Caedo HTTPd Server v 0.5.1 ALPHA Remote File Download Exploit Author : Zer0 Thunder if @ARGV $file"; print FILE $result; close FILE; print " File Saved : $file \n\n"; print...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-024-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-024-01. The text itself is...

Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)

Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVA-2010:011 apache-conf Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)

Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVA-2010:011 apache-conf Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...