RedHat Security Advisory RHSA-2009:1067

The remote host is missing updates announced in advisory RHSA-2009:1067. Red Hat Application Stack v2.3 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform EAP. JBoss EAP is provided through the JBoss EAP channels on t...

RedHat Security Advisory RHSA-2009:1075

The remote host is missing updates announced in advisory RHSA-2009:1075. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between modssl and OpenSSL. If too many connections were opened in a short period of time, all...

CentOS Security Advisory CESA-2009:1075 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1075. CESA-2009:1075 64124 2 $Id: ovcesa20091075.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:1075 httpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

RedHat Security Advisory RHSA-2009:1067

The remote host is missing updates announced in advisory RHSA-2009:1067. Red Hat Application Stack v2.3 is an integrated open source application stack, that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform EAP. JBoss EAP is provided through the JBoss EAP channels on t...

CentOS Security Advisory CESA-2009:1075 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1075. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

Design/Logic Flaw

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

CVE-2009-1903

The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service Apache httpd crash via a request for a PDF file that does not use the GET method...

CVE-2009-1903

ModSecurity (Apache module) prior to version 2.5.9 is affected by two CVEs; CVE-2009-1902 (NULL pointer dereference when processing multipart requests without a part header name) and CVE-2009-1903 (PDF XSS protection failing for PDF requests not using GET), leading to possible denial of service (...

RHEL 5 : httpd (RHSA-2009:1075)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:1075 advisory. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mods...

httpd: mod_ssl per-connection memory leak for connections with zlib compression

Memory leak in the zlibstatefulinit function in crypto/comp/czlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service memory consumption via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server modssl that specify...

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the...

httpd security update

2.2.3-22.0.1.el53.1 - Replace index.html with oracle's index page oracleindex.html - Update vstring and distro in specfile 2.2.3-22.el53.1 - add security fixes for CVE-2008-1678, CVE-2009-1195 499284...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix a security issue in modproxyajp are now available for JBoss Enterprise Web Server 1.0.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache modproxyajp...

Oracle XML DB SID Discovery

This module simply makes an authenticated request to retrieve the sid from the Oracle XML DB httpd server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle XML DB SID Discovery',...

Apache Httpd < 2.2.12 : APR-util off-by-one overflow

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to th...

FreeBSD : apache mod_include buffer overflow vulnerability (6e6a6b8a-2fde-11d9-b3a2-0050fc56d258)

There is a buffer overflow in a function used by modinclude that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

CentOS 3 / 4 / 5 : httpd (CESA-2008:0967)

Updated httpd packages that resolve several security issues and fix a bug are now available for Red Hat Enterprise Linux 3, 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was foun...

RedHat Security Advisory RHSA-2009:0338

The remote host is missing updates announced in advisory RHSA-2009:0338. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP scrip...