5742 matches found
Important: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...
CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...
Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)
This update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE-2005-2088 and CVE-2005-1268. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clea...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...
CVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
PT-2005-3030 · Apache +2 · Apache Http Server +2
Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33 Apache HTTP server versions 2.0.x through 2.0.54 Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a...
HP-UX PHSS_29893 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
s700800 11.04 Virtualvault 4.6 IWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU935264 CERT VU255484 CERT VU255484 CERT VU686224 CERT VU732952 CERT VU104280 http://www.openssl.org/news/secadv/20030930.txt. %NASLMINLEVEL...
HP-UX PHSS_32363 : s700_800 11.04 Webproxy server 2.0 update
s700800 11.04 Webproxy server 2.0 update : Two security vulnerabilities have been reported in Apache HTTP server http://httpd.apache.org/ versions prior to Apache 1.3.33 that may allow a Denial of Service DoS attack and execution of arbitrarty code. %NASLMINLEVEL 70300 C Tenable Network Security,...
HP-UX PHSS_30057 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
s700800 11.04 Virtualvault 4.7 TGP update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU935264 CERT VU255484 CERT VU255484 CERT VU686224 CERT VU732952 CERT VU104280 http://www.openssl.org/news/secadv/20030930.txt. %NASLMINLEVEL...
HP-UX PHSS_32140 : s700_800 11.04 Virtualvault 4.7 IWS update
s700800 11.04 Virtualvault 4.7 IWS update : Two security vulnerabilities have been reported in Apache HTTP server http://httpd.apache.org/ versions prior to Apache 1.3.33 that may allow a Denial of Service DoS attack and execution of arbitrarty code. %NASLMINLEVEL 70300 C Tenable Network Security...
HP-UX PHSS_29690 : HPSBUX0310-284 SSRT3622 rev.3 HP-UX Apache HTTP Server Denial of Service,unauthorized access
s700800 11.04 Virtualvault 4.5 OWS update : Potential Apache HTTP server vulnerabilities have been reported: CVE-2003-0545 CVE-2003-0543 CVE-2003-0544 CERT VU935264 CERT VU255484 CERT VU255484 CERT VU686224 CERT VU732952 CERT VU104280 http://www.openssl.org/news/secadv/20030930.txt. %NASLMINLEVEL...
CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...
Moderate: Red Hat Security Advisory: apache, mod_ssl security update for Stronghold
Updated versions of cross-platform Stronghold that fix security issues in modssl and the Apache HTTP Server are now available. Stronghold 4 contains a number of open source technologies, including modssl and the Apache HTTP Server. A buffer overflow in the gettag function in modinclude for Apache...
Moderate: Red Hat Security Advisory: apache, mod_ssl security update
Updated apache and modssl packages that fix various minor security issues and bugs in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. The modssl module provides strong...
Important: Red Hat Security Advisory: httpd security update
Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue has been discovered in the modssl module when configured to use the "SSLCipherSuit...
Apache 2.0: Denial of Service by memory consumption
Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact By sending a large amount of...
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
Background The Apache HTTP server is one of the most popular web servers on the internet. modssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description A flaw has been found in modssl where the "SSLCipherSuite" directive could be bypassed in certain...
Apache: Exposure of protected directories
Background The Apache HTTP server is one of most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions client host, client authentication, etc be met before access to a certain directory is granted,...
Apache vulnerable to buffer overflow when expanding environment variables
Overview There is a buffer overflow vulnerability in apresolveenv function of Apache that could allow a local user to gain elevated privileges. Description The Apache HTTP Server is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft...
[ANNOUNCE] Apache HTTP Server 2.0.51 Released
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Apache Software Foundation and the The Apache HTTP Server Project are pleased to announce the release of version 2.0.51 of the Apache HTTP Server "Apache". This Announcement notes the significant changes in 2.0.51 as compared to 2.0.50. This versi...