openSUSE Security Update : apache2 (openSUSE-2011-55)

specially crafted requests could bypass RewriteRule and ProxyPassMatch - new template file: /etc/apache2/vhosts.d/vhost-ssl.template allow TLSv1 only, browser match stuff commented out. - rc script /etc/init.d/apache2: handle reload with deleted binaries by message to stdout only, but refrain...

CentOS Update for httpd CESA-2011:1392 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for httpd CESA-2011:1392 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RedHat Update for httpd RHSA-2011:1391-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

httpd: reverse web proxy vulnerability

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

PHP-CGI远程任意代码执行漏洞

CVE ID: CVE-2012-1823 PHP是一种HTML内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。可以被各种Web服务器以多种方式调用，实现动态网页的功能。 PHP处理参数的传递时存在漏洞，在特定的配置情况下，远程攻击者可能利用此漏洞在服务器上获取脚本源码或执行任意命令。 当PHP以特定的CGI方式被调用时（例如Apache的modcgid），php-cgi接收处理过的查询格式字符串作为命令行参数，允许命令行开关（例如-s、-d...

Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure

The version of Apache HTTP Server running on the remote host has an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This could allow a remote...

Debian DSA-2405-1 : apache2 - multiple issues

Several vulnerabilities have been found in the Apache HTTPD Server : - CVE-2011-3607 : An integer overflow in appregsub could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. - CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 : The Apache HTTP Server di...

Apache 2.2 < 2.2.22 Multiple Vulnerabilities

Binary data 800552.prm...

FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

Apache 2.2.x < 2.2.22 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2.x installed on the remote host is prior to 2.2.22. It is, therefore, potentially affected by the following vulnerabilities : - When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web...

Mandriva Update for apache MDVSA-2012:003 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2012:003 apache Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Mandriva Linux Security Advisory : apache (MDVSA-2012:003)

Multiple vulnerabilities has been found and corrected in apache : Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

New Apache Reverse Proxy Issue Uncovered

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a...

osCSS2 - &#039;_ID&#039; Local file Inclusion

Advisory: osCSS2 "ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 latest version Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branche 2.1.0 and reported in develop version 2.1.1...

Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)

An information disclosure vulnerability has been reported in Apache httpd server. The vulnerability is due to insufficient input validation by the server while using the RewriteRule or ProxyPassMatch directives. A remote attacker may exploit this vulnerability by sending a series of specially...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2011:1392 Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...