SUSE: Security Advisory (SUSE-SU-2013:0469-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)

This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a modproxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in appregsub function resulting in a heap based...

Apache HTTP Server 'ap_pregsub()'函数本地拒绝服务漏洞(CVE-2011-4415)

BUGTRAQ ID: 50639 CVE ID: CVE-2011-4415 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器，可以在大多数计算机操作系统中运行。 Apache HTTP Server 2.0.x至2.0.64及2.2.x至2.2.21内server/util.c中的appregsub函数，在启用了modsetenvif模块后，没有限制环境变量的值大小，通过带有特制SetEnvIf指令的.htaccess文件和HTTP请求标头，导致拒绝服务（内存破坏或空指针引用）。 0 Apache 2.2.x 厂商补丁： Apache Group...

httpd: ap_pregsub Integer overflow to buffer overflow

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

httpd: ap_pregsub Integer overflow to buffer overflow

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability

Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability

Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate...

CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

Apache HTTP Server "ap_pregsub()"函数本地权限提升漏洞

BUGTRAQ ID: 50494 CVE ID: CVE-2011-3607 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器，可以在大多数电脑操作系统中运行，由于其跨平台和安全性被广泛使用，是最流行的Web服务器端软件之一。 Apache HTTP Server在"appregsub"函数的实现上存在本地权限提升漏洞，本地攻击者可利用此漏洞以提升的权限执行任意代码。 要触发此漏洞，需要启用modsetenvif，并且攻击者可以在受影响服务器中放置恶意的.htaccess文件。此漏洞源于 "appregsub" 函数 server/utils.c...