5823 matches found

CERT
added 2006/07/28 12:0 a.m. · 52 views

Apache mod_rewrite contains off-by-one error in ldap scheme handling

Overview: A vulnerability in a common Apache HTTP server module, mod_rewrite, could allow a remote attacker to execute arbitrary code on an affected web server. Description: The Apache HTTP server distribution includes a number of supplemental modules that provide additional functionality to the web...

CVSS 7.6 · AI score 9.4 · EPSS 0.90024
Exploits: 20 · References: 14
UbuntuCve
added 2006/07/27 12:0 a.m. · 37 views

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

CVSS 4.3 · AI score 7.2 · EPSS 0.91373
Exploits: 7 · References: 2
Tenable Nessus
added 2006/07/05 12:0 a.m. · 29 views

CentOS 3 / 4 : php (CESA-2005:748)

Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RP...

CVSS 7.5 · AI score 5.6 · EPSS 0.04688
Exploits: 5 · References: 7
Tenable Nessus
added 2006/07/03 12:0 a.m. · 34 views

CentOS 3 / 4 : httpd (CESA-2005:582)

Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...

CVSS 5 · AI score 7.8 · EPSS 0.39952
Exploits: 1 · References: 8
Tenable Nessus
added 2006/05/24 12:0 a.m. · 51 views

RHEL 2.1 : php (RHSA-2006:0501)

Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server...

CVSS 7.5 · AI score 8 · EPSS 0.35083
Exploits: 6 · References: 15
Apache Httpd
added 2006/05/15 12:0 a.m. · 37 views

Apache Httpd < 2.2.6 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

CVSS 4.7 · AI score 0.9 · EPSS 0.00098
Exploits: 2 · Affected Software: 1
Apache Httpd
added 2006/05/15 12:0 a.m. · 39 views

Apache Httpd < 1.3.39 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

CVSS 4.7 · AI score 0.9 · EPSS 0.00098
Exploits: 2 · Affected Software: 1
Apache Httpd
added 2006/05/15 12:0 a.m. · 58 views

Apache Httpd < 2.0.61 : Signals to arbitrary processes

The Apache HTTP server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the HTTP server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of service...

CVSS 4.7 · AI score 0.9 · EPSS 0.00098
Exploits: 2 · Affected Software: 1
Prion
added 2006/05/12 12:2 a.m. · 15 views

Input validation

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

CVSS 6.4 · AI score 7.2 · EPSS 0.11474
Exploits: 1 · References: 8 · Affected Software: 1
NVD
added 2006/05/12 12:2 a.m. · 9 views

CVE-2006-2330

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

CVSS 6.4 · AI score 6.7 · EPSS 0.11474
Exploits: 1 · References: 8
EUVD
added 2006/05/12 12:0 a.m. · 2 views

EUVD-2006-2331

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...

CVSS 6.4 · AI score 6.7 · EPSS 0.11474
Exploits: 1 · References: 8
Positive Technologies
added 2006/05/08 12:0 a.m. · 8 views

PT-2006-4764 · Ibm +3 · Ibm Http Server +3

Name of the Vulnerable Software and Affected Versions: IBM HTTP Server versions 6.0 through 6.0.2.13; IBM HTTP Server versions 6.1 through 6.1.0.1; Apache HTTP Server versions 1.3 through 1.3.35; Apache HTTP Server versions 2.0 through 2.0.58; Apache HTTP Server versions 2.2 through 2.2.2. Description...

CVSS 10 · AI score 6.1 · EPSS 0.91373
Exploits: 54 · References: 114
Tenable Nessus
added 2006/04/26 12:0 a.m. · 80 views

RHEL 4 : php (RHSA-2006:0276)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2006:0276 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The phpinfo PHP function did not properly sanitize...

CVSS 7.5 · AI score 8.4 · EPSS 0.35083
Exploits: 3 · References: 16
Tenable Nessus
added 2006/01/21 12:0 a.m. · 37 views

Fedora Core 4 : httpd-2.0.54-10.3 (2006-052)

This update includes fixes for three security issues in the Apache HTTP Server. A memory leak in the worker MPM could allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other...

CVSS 5.4 · AI score 6.4 · EPSS 0.43464
Exploits: 1 · References: 4
RedHat Linux
added 2006/01/17 8:23 a.m. · 28 views

Moderate: Red Hat Security Advisory: apache security update

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw in modim...

CVSS 4.3 · AI score 6.5 · EPSS 0.2814
Exploits: 0 · References: 1
Tenable Nessus
added 2006/01/11 12:0 a.m. · 35 views

RHEL 3 / 4 : httpd (RHSA-2006:0159)

Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A memo...

CVSS 5.4 · AI score 6.4 · EPSS 0.43464
Exploits: 1 · References: 7
Cent OS
added 2006/01/05 9:38 p.m. · 110 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2006:0159 Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server i...

CVSS 5.4 · AI score 6.5 · EPSS 0.43464
Exploits: 1 · References: 9
RedHat Linux
added 2006/01/05 3:59 p.m. · 40 views

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A memo...

CVSS 5.4 · AI score 6.5 · EPSS 0.43464
Exploits: 1 · References: 5
NVD
added 2005/12/31 5:0 a.m. · 7 views

CVE-2005-4814

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...

CVSS 7.5 · AI score 7.5 · EPSS 0.00636
Exploits: 0 · References: 2
OpenVAS
added 2005/11/03 12:0 a.m. · 39 views

Apache HTTP Server 2.x < 2.0.50 Multiple DoS Vulnerabilities

Apache HTTP Server is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.4 · AI score 5.8 · EPSS 0.90462
Exploits: 1 · References: 4