5876 matches found
[SECURITY] [DSA 2989-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2989-1 [email protected] http://www.debian.org/security/ Stefan Fritsch July 24, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2989-1 (apache2 - security update)
Several security issues were found in the Apache HTTP server. CVE-2014-0118 The DEFLATE input filter inflates request bodies in moddeflate allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size. CVE-2014-0226 A ra...
DSA-2989-1 apache2 - security update
Bulletin has no description...
Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2299-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2299-1 advisory. Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to st...
RHEL 5 / 6 : httpd (RHSA-2014:0920)
Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
Oracle Linux 7 : httpd (ELSA-2014-0921)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0921 advisory. - modcgid: add security fix for CVE-2014-0231 1120607 - modproxy: add security fix for CVE-2014-0117 1120607 - moddeflate: add security fix for...
CentOS 5 / 6 : httpd (CESA-2014:0920)
Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...
CentOS 7 : httpd (CESA-2014:0921)
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
USN-2299-1: Apache HTTP Server vulnerabilities
Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0117 Giancarlo Pellegrino and Davide Balzarot...
[DLA-0018-1] php5 security update
Package : php5 Version : 5.3.3-7+squeeze20 CVE ID : CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721 CVE-2014-3515: fix unserialize SPL ArrayObject / SPLObjectStorage Type Confusion CVE-2014-0207: fileinfo: cdfreadshortsector insufficient boundary check CVE-2014-3480: fileinfo: cdfcountcha...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2014:0921 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_cache NULL pointer dereference crash
A NULL pointer dereference flaw was found in the modcache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...
Apache 2.4.x mod_proxy Denial Of Service
Apache versions 2.4.x prior to 2.4.10 suffer from a denial of service condition when modproxy is in use. Software: apache httpd 2.4.7 , possibly others from 2.3 and 2.4 branches. If apache is configured with modproxy module for example in front of a tomcat, or proxypassing requests to other backe...
CVE-2014-3523
Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...
CVE-2014-0117
The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...
CVE-2013-4352
The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...
CVE-2014-0118
The deflateinfilter function in moddeflate.c in the moddeflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size...
CVE-2014-0118
The deflateinfilter function in moddeflate.c in the moddeflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size...
CVE-2014-0226
Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...