5854 matches found

Cent OS
added 2012/05/07 9:9 p.m. | 107 views

php security update

CentOS Errata and Security Advisory CESA-2012:0546 Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS 9.8 | AI score 8.1 | EPSS 0.94363
Exploits 41 | References 7
RedHat Linux
added 2012/05/07 6:28 p.m. | 72 views

Critical: Red Hat Security Advisory: php security update

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 9.8 | AI score 8.1 | EPSS 0.94363
Exploits 41 | References 2
RedHat Linux
added 2012/05/07 6:23 p.m. | 316 views

Critical: Red Hat Security Advisory: php53 security update

Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 9.8 | AI score 8.2 | EPSS 0.94363
Exploits 41 | References 2
RedHat Linux
added 2012/05/07 6:16 p.m. | 79 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for the Apache HTTP Server component for JBoss Enterprise Web Server 1.0.2 that fixes multiple security issues and one bug is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability...

CVSS 7.8 | AI score 7.6 | EPSS 0.90456
Exploits 39 | References 9
RedHat Linux
added 2012/05/07 6:16 p.m. | 3 views

httpd: NULL pointer dereference crash in mod_log_config

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a nam...

CVSS 2.6 | AI score 7.3 | EPSS 0.3296
Exploits 0 | References 4
RedHat Linux
added 2012/05/07 6:13 p.m. | 79 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS)...

CVSS 7.8 | AI score 7.6 | EPSS 0.90456
Exploits 39 | References 9
RedHat Linux
added 2012/05/07 6:13 p.m. | 3 views

httpd: mod_proxy_ajp remote temporary DoS

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request...

CVSS 4.3 | AI score 7.2 | EPSS 0.34026
Exploits 3 | References 5
RedHat Linux
added 2012/05/07 6:13 p.m. | 3 views

httpd: ap_pregsub Integer overflow to buffer overflow

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

CVSS 4.4 | AI score 6.9 | EPSS 0.00591
Exploits 4 | References 4
Fedora
added 2012/05/07 2:48 a.m. | 39 views

[SECURITY] Fedora 15 Update: php-5.3.11-1.fc15

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 6.8 | AI score 0.6 | EPSS 0.1185
Exploits 4
OpenVAS
added 2012/04/26 12:0 a.m. | 287 views

Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability

Apache HTTP Server is prone to a cookie information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 | AI score 6.6 | EPSS 0.23641
Exploits 4 | References 7
seebug.org
added 2012/04/20 12:0 a.m. | 761 views

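Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability

Bugtraq ID: 53046 CVE ID: CVE-2012-0883 Apache HTTP Server is a popular HTTP server program. Because LD_LIBRARY_PATH is handled insecurely, DSOs can be searched for in the current working directory, and an attacker can exploit this vulnerability to execute arbitrary code in the context of the HTTPD service. 0 Apache 2.0.x Apache 2.1.x Apache 2.2.x Apache 2.3.x Vendor solution Apache ----- Apache Software Foundation Apache 2.4.2 has fixed this vulnerability; users are advised to download and use it: http://www.apache.org/...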

CVSS 6.9 | AI score 6.4 | EPSS 0.00197
Exploits 4
NVD
added 2012/04/18 10:33 a.m. | 22 views

CVE-2012-0883

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

CVSS 6.9 | AI score 6.1 | EPSS 0.00197
Exploits 4 | References 32
Cvelist
added 2012/04/18 10:0 a.m. | 32 views

CVE-2012-0883

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

AI score 6 | EPSS 0.00197
Exploits 4 | References 32
CVE
added 2012/04/18 10:0 a.m. | 1293 views

CVE-2012-0883

CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...

CVSS 6.9 | AI score 6.1 | EPSS 0.00197
Exploits 4 | References 32 | Affected Software 1
Debian CVE
added 2012/04/18 10:0 a.m. | 46 views

CVE-2012-0883

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

CVSS 6.9 | AI score 8.9 | EPSS 0.00197
Exploits 4
OpenVAS
added 2012/04/02 12:0 a.m. | 31 views

Fedora Update for httpd FEDORA-2011-12667

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2011-12667 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CVSS 7.8 | AI score 0.2 | EPSS 0.90456
Exploits 17 | References 2
OpenVAS
added 2012/04/02 12:0 a.m. | 35 views

Fedora Update for httpd FEDORA-2012-1598

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2012-1598 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CVSS 5 | AI score 9.1 | EPSS 0.77975
Exploits 23 | References 2
NVD
added 2012/03/19 9:55 p.m. | 9 views

CVE-2012-1181

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process...

CVSS 5 | AI score 7.3 | EPSS 0.09726
Exploits 0 | References 7
OSV
added 2012/03/19 9:55 p.m. | 7 views

CVE-2012-1181

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process...

AI score 6.2
Exploits 0 | References 7
UbuntuCve
added 2012/03/19 9:55 p.m. | 20 views

CVE-2012-1181

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process...

CVSS 5 | AI score 5.9 | EPSS 0.09726
Exploits 0 | References 1