
5876 matches found

UbuntuCve
added 2014/07/20 12:0 a.m. | 42 views

CVE-2014-0118

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size...

CVSS 4.3 | AI score 6.8 | EPSS 0.41327
Exploits: 0 | References: 3
UbuntuCve
added 2014/07/20 12:0 a.m. | 49 views

CVE-2014-0117

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header...

CVSS 4.3 | AI score 6.9 | EPSS 0.56996
Exploits: 2 | References: 3
UbuntuCve
added 2014/07/20 12:0 a.m. | 68 views

CVE-2014-0226

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...

CVSS 6.8 | AI score 6.9 | EPSS 0.75444
Exploits: 4 | References: 2
Zero Day Initiative
added 2014/07/18 12:0 a.m. | 50 views

Apache HTTP Server mod_proxy Denial Of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers...

CVSS 7.8 | AI score 6.7 | EPSS 0.56996
Exploits: 2 | References: 1
Zero Day Initiative
added 2014/07/16 12:0 a.m. | 94 views

Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updating of mod_status. A race condition in mod_status allows an attacker to...

CVSS 7.5 | AI score 7.1 | EPSS 0.75444
Exploits: 4 | References: 1
FreeBSD
added 2014/07/15 12:0 a.m. | 75 views

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. mod_deflate: The DEFLATE input filter...

CVSS 6.8 | AI score 6.6 | EPSS 0.75444
Exploits: 6
Debian
added 2014/07/09 7:24 p.m. | 38 views

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

CVSS 6.5 | AI score 2.9 | EPSS 0.12333
Exploits: 7
Debian
added 2014/07/09 7:24 p.m. | 24 views

phpmyadmin security update

Package : phpmyadmin Version : 4:3.3.7-8 CVE ID : CVE-2013-3239 CVE-2013-4995 CVE-2013-4996 CVE-2013-5003 Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:...

CVSS 6.5 | AI score 7 | EPSS 0.12333
Exploits: 7
Amazon
added 2014/07/09 12:0 a.m. | 27 views

Important: mod_wsgi

Issue Overview: It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system...

CVSS 7.5 | AI score 7 | EPSS 0.08583
Exploits: 0
OSV
added 2014/07/09 12:0 a.m. | 28 views

DLA-0014-1 phpmyadmin - security update

Bulletin has no description...

CVSS 6.5 | AI score 6.1 | EPSS 0.12333
Exploits: 7
Prion
added 2014/07/06 11:55 p.m. | 30 views

Type confusion

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...

CVSS 2.6 | AI score 6.4 | EPSS 0.09887
Exploits: 1 | References: 14 | Affected Software: 2
RedHat Linux
added 2014/07/03 5:1 p.m. | 55 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 tomcat7 security update

Updated tomcat7 packages that fix three security issues are now available for Red Hat JBoss Web Server 2.0.1 on Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...

CVSS 5 | AI score 6.7 | EPSS 0.46749
Exploits: 1 | References: 4
RedHat Linux
added 2014/07/01 3:3 p.m. | 1 views

httpd: mod_dav denial of service via crafted DAV WRITE request

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request...

CVSS 5 | AI score 6.8 | EPSS 0.39561
Exploits: 2 | References: 4
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22960/info Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 38 views

Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1284/info Apache HTTP Server 1.3.x win32 allows people to get a directory listing of a directory, if it is enabled in the config, even if an index file is present that would normally be displayed instead. This can be...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness

No description provided by source. source: http://www.securityfocus.com/bid/26663/info Apache is prone to a cross-site scripting weakness when handling HTTP request methods that result in 413 HTTP errors. An attacker may exploit this issue to steal cookie-based authentication credentials and laun...

AI score 6.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 5466 views

Apache HTTP Server Denial of Service

No description provided by source. / This is a reverse engineered version of the exploit for CVE-2011-3192 made by ev1lut10n http://jayakonstruksi.com/backupintsec/rapache.tgz. Copyright 2011 Ramon de C Valle [email protected] Compile with the following command: gcc -Wall -pthread -o...

CVSS 7.8 | AI score 7.9 | EPSS 0.90456
Exploits: 17
Fedora
added 2014/06/30 10:25 a.m. | 64 views

[SECURITY] Fedora 20 Update: php-5.5.14-1.fc20

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 7.5 | AI score 0.4 | EPSS 0.48662
Exploits: 14
Tenable Nessus
added 2014/06/26 12:0 a.m. | 36 views

RHEL 5 / 6 : JBoss Web Server (RHSA-2013:1133)

Updated httpd packages that fix two security issues are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 5.1 | AI score 8.2 | EPSS 0.52396
Exploits: 4 | References: 5
Tenable Nessus
added 2014/06/26 12:0 a.m. | 42 views

RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0783)

Updated httpd packages that fix two security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...

CVSS 5 | AI score 7.9 | EPSS 0.50788
Exploits: 2 | References: 6