httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2013:0815 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

httpd: multiple XSS flaws due to unescaped hostnames

Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the 1 modimagemap, 2 modinfo, 3 modldap, 4 modproxyftp, and 5...

DEBIAN-CVE-2013-1849

The moddavsvn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a PROPFIND request for an activity URL...

phpMyAdmin 'filename_template' 远程代码执行(CVE-2013-3239)

BUGTRAQ ID: 59465 CVECAN ID: CVE-2013-3239 phpmyadmin是MySQL数据库的在线管理工具，主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 3.5.x、4.x在配置了SaveDir目录后，通过导出文件文件名的双扩展名，经过身份验证的远程用户可以执行任意代码，导致Apache HTTP服务器将此文件解释为可执行文件。例如：.php.sql文件名。 0 phpMyAdmin 3.x phpMyAdmin 3.5.x 厂商补丁： phpMyAdmin ----------...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

Design/Logic Flaw

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

CVE-2013-3239

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CentOS Update for mod_dav_svn CESA-2013:0737 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scripttagname:"affected",...

RedHat Update for subversion RHSA-2013:0737-01

Check for the Version of subversion OpenVAS Vulnerability Test RedHat Update for subversion RHSA-2013:0737-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

RHEL 6 : subversion (RHSA-2013:0737)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0737 advisory. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarc...

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

SuSE 11.2 Security Update : Apache (SAT Patch Number 7570)

Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary...

Fedora Update for php FEDORA-2013-3927

Check for the Version of php OpenVAS Vulnerability Test Fedora Update for php FEDORA-2013-3927 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

[SECURITY] Fedora 17 Update: php-5.4.13-1.fc17

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora Update for httpd FEDORA-2013-4541

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2013-4541 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

[SECURITY] Fedora 18 Update: httpd-2.4.4-2.fc18

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Medium: httpd

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...

Medium: httpd24

Issue Overview: Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web...