Apache 2.0: Denial of Service by memory consumption
Background The Apache HTTP Server is one of the most popular web servers on the Internet. Description Chintan Trivedi discovered a vulnerability in Apache httpd 2.0 that is caused by improper enforcing of the field length limit in the header-parsing code. Impact By sending a large amount of...
Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
Background The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description A flaw has been found in mod_ssl where the "SSLCipherSuite" directive could be bypassed in certain...
Apache: Exposure of protected directories
Background The Apache HTTP server is one of the most popular web servers on the Internet. Description A bug in the way Apache handles the Satisfy directive, which is used to require that certain conditions (client host, client authentication, etc.) be met before access to a certain directory is granted,...
Apache vulnerable to buffer overflow when expanding environment variables
Overview There is a buffer overflow vulnerability in the ap_resolve_env function of Apache that could allow a local user to gain elevated privileges. Description The Apache HTTP Server is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft...
[ANNOUNCE] Apache HTTP Server 2.0.51 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.0.51 of the Apache HTTP Server "Apache". This Announcement notes the significant changes in 2.0.51 as compared to 2.0.50. This versi...
Apache 2, mod_dav: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the internet. mod_ssl provides SSL v2/v3 and TLS v1 support for it and mod_dav is the Apache module for Distributed Authoring and Versioning (DAV). Description A potential infinite loop has been found in the input filter of mod_ss...
Moderate: Red Hat Security Advisory: httpd security update
Updated httpd packages that include fixes for security issues are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Four issues have been discovered affecting releases of the Apache HTTP 2.0 Server, up to and including version 2.0.50:...
RHEL 3 : httpd (RHSA-2004:463)
Updated httpd packages that include fixes for security issues are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Four issues have been discovered affecting releases of the Apache HTTP 2.0 Server, up to and including version 2.0.50:...
Important: Red Hat Security Advisory: httpd security update
Updated httpd packages that include a security fix for mod_ssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A...
RHEL 3 : httpd (RHSA-2004:349)
Updated httpd packages that include a security fix for mod_ssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A...
Apache HTTP Server < 2.0.49 mod_ssl Plain HTTP Request DoS
RHEL 3 : php (RHSA-2004:392)
Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP...
apache2 -- SSL remote DoS
The Apache HTTP Server 2.0.51 release notes report that the following issues have been fixed: A segfault in mod_ssl which can be triggered by a malicious remote server, if proxying to SSL servers has been configured. CAN-2004-0751 A potential infinite loop in mod_ssl which could be triggered given...
Important: Red Hat Security Advisory: httpd security update
Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A stack buffer overflow was discovered in mod_ssl that could be triggered if using...
RHEL 3 : httpd (RHSA-2004:084)
Updated httpd packages are now available that fix a denial of service vulnerability in mod_ssl and include various other bug fixes. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A memory leak in mod_ssl in the Apache HTTP Server prior to version...
RHEL 3 : httpd (RHSA-2004:342)
Updated httpd packages that fix a buffer overflow in mod_ssl and a remotely triggerable memory leak are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A stack-based buffer overflow was discovered in mod_ssl that could be triggered if...
RHEL 2.1 : apache, mod_ssl (RHSA-2004:245)
Updated httpd and mod_ssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module,...
Apache 2: Remote denial of service attack
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description A bu...
TSSA-2004-012 - apache
Security Advisory 2004-012 Package name: apache / httpd Summary: Denial Of Service Advisory ID: TSSA-2004-012 Date: 2004-06-29 Affected versions: tinysofa enterprise server 1.0 tinysofa enterprise server...
Apache 1.3: Multiple vulnerabilities
Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description On...