Apache HTTP Server mod_deflate Denial of Service - Ver2 (CVE-2014-0118)

A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the moddeflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...

Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)

A denial of service vulnerability has been reported in the moddav component of Apache HTTP Server. The vulnerability is due to a NULL pointer dereference when processing a MERGE request with a URI whose source href points to a non-DAV configured URI. A remote attacker can send a crafted HTTP...

Apache 2 mod_ssl Connection Abort Denial of Service possible attack - Ver2 (CVE-2004-0748)

A denial-of-service vulnerability has been reported in Apache Software Foundation Apache HTTP Server. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

Juniper Junos Space 11.1x < 13.1R1.6 Multiple Vulnerabilities (JSA10585)

According to its self-reported version number, the remote Junos Space version is prior to 13.1R1.6. It is, therefore, affected by the following vulnerabilities : - Multiple Vulnerabilities related to the included Apache HTTP server. CVE-2011-3368, CVE-2011-4317, CVE-2012-0053 - A cross-site...

Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627)

According to its self-reported version number, the remote Junos Space version is prior to 13.3R1.8. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in RedHat JBoss application server. CVE-2010-0738, CVE-2010-1428,...

CVE-2014-3583

The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...

CVE-2014-3583

The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...

CVE-2014-3583

The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL15901)

Multiple cross-site scripting XSS vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2014-3583

The handleheaders function in modproxyfcgi.c in the modproxyfcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service buffer over-read and daemon crash via long response headers...

SOL15900 - Apache HTTP server vulnerability CVE-2012-3499

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

SOL15901 - Apache HTTP server vulnerability CVE-2012-2687

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version...

httpd: NULL pointer dereference in mod_cache if Content-Type has empty value

A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled...

F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

SOL15893 - Apache HTTP server vulnerabilities CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, and CVE-2014-3523

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

CVE-2011-3368 The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send...

SOL15865 - Apache HTTP server vulnerability CVE-2012-4558

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

Design/Logic Flaw

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...