[SECURITY] Fedora 11 Update: httpd-2.2.15-1.fc11.1

The Apache HTTP Server is a powerful, efficient, and extensible web server...

[SECURITY] Fedora 13 Update: httpd-2.2.15-1.fc13

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVE-2010-1151

Race condition in the modauthshadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials...

Race condition

Race condition in the modauthshadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials...

CVE-2010-1151

Race condition in the modauthshadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials...

CVE-2010-1151

Race condition in the modauthshadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials...

CVE-2010-1151

CVE-2010-1151 affects the Apache mod_auth_shadow module. A race condition related to the external helper validation path can bypass authentication, potentially allowing unauthorized read/modify of data. Fedora advisories state the fix addresses a bad wait(2) call that causes randomized authorizat...

RedHat Update for httpd RHSA-2010:0175-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2010:0175-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

RedHat Update for httpd RHSA-2010:0175-01

Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2010:0175-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

[SECURITY] Fedora 11 Update: php-5.2.13-1.fc11

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2010:0175 Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability...

Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

httpd: mod_proxy_ajp remote temporary DoS

The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

Apache 2.2.x子请求处理信息泄露漏洞

BUGTRAQ ID: 38580 CVECAN ID: CVE-2010-0434 Apache HTTP Server是一款流行的Web服务器。 在使用多线程MPM时，Apache HTTP Server的server/protocol.c文件中的apreadrequest函数没有正确地处理子请求，可能允许远程攻击者从其他线程所处理的请求中读取敏感信息。 Apache Group Apache 2.2.x 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

[ MDVSA-2010:057 ] apache

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:057 http://www.mandriva.com/security/ Package : apache Date : March 6, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerabilitiy has been found...

CVE-2010-0425

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...

CVE-2010-0434

The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...

Design/Logic Flaw

The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...

Design/Logic Flaw

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...