Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

An additional exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web...

Mandriva Update for apache MDVSA-2011:144 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2011:144 apache Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Apache mod_proxy Reverse Proxy Exposure

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTP Server Security Advisory ==================================== Title: modproxy reverse proxy exposure CVE: CVE-2011-3368 Date: 20111005 Product: Apache HTTP Server Versions: httpd 1.3 all versions, httpd 2...

CVE-2011-3368

CVE-2011-3368 affects the Apache HTTP Server’s mod_proxy in reverse-proxy configurations. The vulnerability arises when using (1) RewriteRule with the [P] flag or (2) ProxyPassMatch; a remote attacker can craft a URI starting with an initial @ character to force the proxy to connect to an interna...

Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure

An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure

An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

Apache Module mod_rewrite LDAP Protocol Buffer Overflow

This module exploits the modrewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In addition, the target must have...

apache-mod-rewrite.rb.txt

require 'msf/core' module Msf class Exploits::Windows::Http::Apachemodrewrite 'Apache ModRewrite escapeabsoluteuri Off-By-One Buffer Overflow', 'Description' = %q This module exploits a off-by-one buffer overflow. RewriteRule must be enabled and rule must meets this criteria: beginning of the...

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

Apache modrewrite Windows x86 - Off-by-One Remote Overflow !/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

!/bin/sh Exploit for Apache modrewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20 http://www.milw0rm.com/exploits/2237 to successfully exploit the...

apache -- mod_rewrite buffer overflow vulnerability

The Apache Software Foundation and The Apache HTTP Server Project reports: An off-by-one flaw exists in the Rewrite module, modrewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0. Depending on the manner in which Apache HTTP Server was compiled, this software...