301 matches found
Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)
This update includes the latest stable release of the Apache HTTP Server, version 2.2.21. Two security issues have been fixed : modproxyajp when combined with modproxybalancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service...
httpd: mod_proxy_ajp worker moved to error state when timeout exceeded
The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an expensive request...
Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. CVE-2009-3555 - The 'modproxyajp' module returns the wrong status cod...
DEBIAN-CVE-2010-2791
modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...
mod_proxy_ftp XSS
modproxyftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting XSS attacks using UTF-7 encoding...
DEBIAN-CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
apache mod-proxy-ajp 2.2.11 信息泄漏漏洞
No description provided by source...
apache mod-proxy-ftp 2.2.9 跨站脚本漏洞
No description provided by source...
apache mod-proxy 2.3.0 拒绝服务漏洞
No description provided by source...
apache mod-proxy 1.3.31 缓冲区溢出漏洞
No description provided by source...
apache mod-proxy-balancer 2.2.6 跨站脚本漏洞
No description provided by source...
apache mod-proxy-ftp 2.2.13 拒绝服务漏洞
No description provided by source...
apache mod-proxy-ftp 2.2.14 mod-proxy-ftp 命令执行漏洞
No description provided by source...
apache mod-proxy-balance 2.2.6 balancer-handler 拒绝服务
No description provided by source...
apache mod-proxy-balancer 2.2.6 跨站脚本漏洞
No description provided by source...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...
httpd: mod_proxy reverse proxy DoS (infinite loop)
The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service C...
httpd: mod_proxy reverse proxy DoS (infinite loop)
The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service C...