5854 matches found
RedHat Update for nss RHSA-2011:1444-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for nss CESA-2011:1444 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
nss security update
CentOS Errata and Security Advisory CESA-2011:1444 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2011-November/080319.html https://lists.centos.org/pipermail/centos-announce/2011-November/080320.html...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
Integer overflow
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-3607
The CVE-2011-3607 issue affects the Apache HTTP Server 2.0.x (up to 2.0.64) and 2.2.x (up to 2.2.21) when mod_setenvif is enabled. An integer overflow in ap_pregsub() in server/util.c can cause a heap-based buffer overflow, enabling local privilege escalation via a crafted .htaccess SetEnvIf dire...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-4415
The CVE-2011-4415 issue affects the Apache HTTP Server (2.0.x up to 2.0.64 and 2.2.x up to 2.2.21) when mod_setenvif is enabled. The root cause is an integer overflow in ap_pregsub during environment variable handling (SetEnvIf), with a crafted .htaccess and HTTP header causing memory exhaustion ...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
Apache HTTP Server "ap_pregsub()"函数本地权限提升漏洞
BUGTRAQ ID: 50494 CVE ID: CVE-2011-3607 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器,可以在大多数电脑操作系统中运行,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。 Apache HTTP Server在"appregsub"函数的实现上存在本地权限提升漏洞,本地攻击者可利用此漏洞以提升的权限执行任意代码。 要触发此漏洞,需要启用modsetenvif,并且攻击者可以在受影响服务器中放置恶意的.htaccess文件。此漏洞源于 "appregsub" 函数 server/utils.c...
Apache 2.0.64 2.2.21 mod_setenvif - Integer Overflow
Apache 2.0.64 2.2.21 modsetenvif - Integer Overflow Source: http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ Background The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, Microsoft Windows, Mac OS/X and Netware. The goal of this...
Medium: httpd
Issue Overview: It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make...
Exploit for Uncontrolled Resource Consumption in Apache Http_Server
PoC exploit for CVE-2011-3192, a Range Header DoS vulnerability...
RHEL 6 : httpd (RHSA-2011:1391)
Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
CentOS 4 / 5 : httpd (CESA-2011:1392)
Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...