CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

CVE-2014-8567

The modauthmellon module before 0.8.1 allows remote attackers to cause a denial of service Apache HTTP server crash via a crafted logout request that triggers a read of uninitialized data...

CVE-2014-8567

CVE-2014-8567 affects the mod_auth_mellon module for Apache (pre-0.8.1). A crafted logout request can trigger a read of uninitialized data, leading to an Apache HTTP server denial-of-service (crash). Public sources consistently describe the issue and its impact as a DoS via logout handling. The v...

RHEL 6 : mod_auth_mellon (RHSA-2014:1803)

An updated modauthmellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 6 : mod_auth_mellon (CESA-2014:1803)

An updated modauthmellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

mod_auth_mellon security update

CentOS Errata and Security Advisory CESA-2014:1803 An updated modauthmellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

Important: Red Hat Security Advisory: mod_auth_mellon security update

An updated modauthmellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 6 / 7 : php (CESA-2014:1767)

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

RHEL 6 / 7 : php (RHSA-2014:1767)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1767 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif...

JVN#23809730: GIGAPOD vulnerable to denial-of-service (DoS)

GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interface via port 8001. The administrative web interface uses a version of the Apache HTTP server which...

Oracle third party patch update : bash_2014_10_07

The remote Solaris system is missing necessary patches to address critical security updates related to 'Shellshock' : - GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a...

Amazon Linux AMI : httpd (ALAS-2011-9)

It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connec...

Amazon Linux AMI : mod_wsgi (ALAS-2014-376)

It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...

Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)

It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...

Amazon Linux AMI : httpd (ALAS-2011-1)

The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially crafted Range header...

Amazon Linux AMI : httpd (ALAS-2014-414)

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' C Tenable Networ...

CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...

CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...

Null pointer dereference

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...

CVE-2014-3581

The cachemergeheadersout function in modules/cache/cacheutil.c in the modcache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty HTTP Content-Type header...