5762 matches found

Apache Httpd
added 2016/10/13 12:00 a.m. | 68 views

Apache Httpd < 2.4.25 : IP address spoofing when proxying using mod_remoteip and mod_rewrite

For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020...

5.3 CVSS | 1 AI score | 0.05884 EPSS
Exploits 0 | Affected Software 1

RedHat Linux
added 2016/10/12 5:17 p.m. | 2 views

mod_cluster: remotely Segfault Apache http server

It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP)...

7.5 CVSS | 7.1 AI score | 0.0364 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2016/09/30 12:00 a.m. | 43 views

macOS : macOS Server < 5.2 Multiple Vulnerabilities (httpoxy)

The version of macOS Server (formerly known as Mac OS X Server) installed on the remote host is prior to 5.2. It is, therefore, affected by the following vulnerabilities: - The Apache HTTP Server is affected by a man-in-the-middle vulnerability known as 'httpoxy' due to a failure to properly resol...

9.1 CVSS | 8 AI score | 0.01981 EPSS
Exploits 0 | References 5

NVD
added 2016/09/26 2:59 p.m. | 24 views

CVE-2016-3110

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element...

7.5 CVSS | 7.4 AI score | 0.0364 EPSS
Exploits 0 | References 11

Cvelist
added 2016/09/26 2:00 p.m. | 38 views

CVE-2016-3110

mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element...

7.3 AI score | 0.0364 EPSS
Exploits 0 | References 11

NVD
added 2016/09/25 10:59 a.m. | 40 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

9.1 CVSS | 7.8 AI score | 0.01345 EPSS
Exploits 0 | References 6

UbuntuCve
added 2016/09/25 10:59 a.m. | 57 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

9.1 CVSS | 7.3 AI score | 0.01345 EPSS
Exploits 0 | References 5

Cvelist
added 2016/09/25 10:00 a.m. | 48 views

CVE-2016-4694

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

8 AI score | 0.01345 EPSS
Exploits 0 | References 6

CVE
added 2016/09/25 10:00 a.m. | 111 views

CVE-2016-4694

CVE-2016-4694 (httpoxy) affects Apache httpd on Apple OS X prior to 10.12/OS X Server prior to 5.2, where untrusted CGI client data in the HTTP_PROXY environment variable could redirect outbound traffic to an arbitrary proxy via a crafted Proxy header. The connected Apple security content shows A...

9.1 CVSS | 7.7 AI score | 0.01345 EPSS
Exploits 0 | References 6 | Affected Software 2

Fedora
added 2016/09/05 5:56 p.m. | 11 views

[SECURITY] Fedora 25 Update: php-7.0.10-1.fc25

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

0.4 AI score
Exploits 0

Tenable Nessus
added 2016/08/26 12:00 a.m. | 281 views

RHEL 7 : Red Hat JBoss Web Server 2.1.1 security update on RHEL 7 (Important) (RHSA-2016:1648)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1648 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

8.1 CVSS | 8.1 AI score | 0.55724 EPSS
Exploits 1 | References 18

Tenable Nessus
added 2016/08/26 12:00 a.m. | 69 views

RHEL 6 : JBoss Web Server (RHSA-2016:1649) (httpoxy)

An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.1 CVSS | 7.3 AI score | 0.55724 EPSS
Exploits 1 | References 13

RedHat Linux
added 2016/08/22 6:07 p.m. | 69 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.1 security update on RHEL 7

An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.1 CVSS | 7.3 AI score | 0.55724 EPSS
Exploits 1 | References 13

RedHat Linux
added 2016/08/22 6:07 p.m. | 6 views

mod_cluster: remotely Segfault Apache http server

It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP)...

7.5 CVSS | 7.1 AI score | 0.0364 EPSS
Exploits 0 | References 4

RedhatCVE
added 2016/08/22 1:48 p.m. | 37 views

CVE-2016-3110

It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP)...

7.5 CVSS | 7.3 AI score | 0.0364 EPSS
Exploits 0 | References 1

RedHat Linux
added 2016/08/17 6:17 p.m. | 17 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP 2.4.6 Service Pack 1 security update

Red Hat JBoss Core Services Service Pack 1 is now available from the Red Hat Customer Portal for Solaris and Microsoft Windows systems. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

8.1 CVSS | 6.7 AI score | 0.55724 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2016/08/15 12:00 a.m. | 48 views

CentOS 7 : php (CESA-2016:1613) (httpoxy)

An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.1 CVSS | 7 AI score | 0.50427 EPSS
Exploits 0 | References 2

Cent OS
added 2016/08/12 11:27 a.m. | 62 views

php security update

CentOS Errata and Security Advisory CESA-2016:1613. An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

8.1 CVSS | 6.7 AI score | 0.50427 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2016/08/12 12:00 a.m. | 64 views

CentOS 6 : php (CESA-2016:1609) (httpoxy)

An update for php is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.1 CVSS | 7 AI score | 0.50427 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2016/08/12 12:00 a.m. | 53 views

RHEL 7 : php (RHSA-2016:1613) (httpoxy)

An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

8.1 CVSS | 6.8 AI score | 0.50427 EPSS
Exploits 0 | References 3