Monkey HTTPd improper input validation vulnerability

census ID: census-2009-0004 URL: http://census-labs.com/news/2009/12/14/monkey-httpd/ CVE ID: Pending Affected Products: Monkey web server versions ? 0.9.2. Class: Improper Input Validation CWE-20, Incorrect Calculation CWE-682 Remote: Yes Discovered by: Patroklos Argyroudis We have discovered a...

Fedora Core 10 FEDORA-2009-12604 (httpd)

The remote host is missing an update to httpd announced via advisory FEDORA-2009-12604. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Fedora Core 10 FEDORA-2009-12604 (httpd)

The remote host is missing an update to httpd announced via advisory FEDORA-2009-12604. OpenVAS Vulnerability Test $Id: fcore200912604.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12604 httpd Authors: Thomas Reinke Copyright: Copyright c 2009...

Fedora 10 : httpd-2.2.14-1.fc10 (2009-12604)

This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could u...

Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)

A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...

Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)

A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...

Apache Win32 Chunked Encoding

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Apache Win32...

CentOS Security Advisory CESA-2009:1579 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1579. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

CentOS Security Advisory CESA-2009:1579 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1579. CESA-2009:1579 66274 4 $Id: ovcesa20091579.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:1579 httpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CentOS Security Advisory CESA-2009:1580 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1580. CESA-2009:1580 66275 2 $Id: ovcesa20091580.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:1580 httpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CentOS Security Advisory CESA-2009:1580 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1580. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

RedHat Security Advisory RHSA-2009:1580

The remote host is missing updates announced in advisory RHSA-2009:1580. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw t...

RHEL 4 : httpd (RHSA-2009:1580)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:1580 advisory. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer...

RHEL 3 / 5 : httpd (RHSA-2009:1579)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the...

httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header

The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

httpd security update

2.2.3-31.0.1.el54.2 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-31.2 - add security fixes for CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 534041...

httpd security update

2.0.52-41.ent.6.0.1 - use oracle index page oracleindex.html - update vstring and distro in specfile 2.0.52-41.ent.6 - add security fixes for CVE-2009-3555, CVE-2009-1891, CVE-2009-3094, and CVE-2009-3095 534039...

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...