Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

Fedora 16 : httpd-2.2.21-1.fc16 (2011-12667)

This update contains the latest stable release of the Apache HTTP Server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Medium: httpd

Issue Overview: The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range...

httpd: multiple ranges DoS

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

Important: Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.2 security update

An update for the Apache HTTP Server component for JBoss Enterprise Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: httpd and httpd22 security update

Updated httpd and httpd22 packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

httpd: multiple ranges DoS

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service memory and CPU consumption via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

CVE-2011-3348

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

CVE-2011-3348

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

Design/Logic Flaw

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

CVE-2011-3348

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

CVE-2011-3348

The modproxyajp module in the Apache HTTP Server before 2.2.21, when used with modproxybalancer in certain configurations, allows remote attackers to cause a denial of service temporary "error state" in the backend server via a malformed HTTP request...

CVE-2011-3348

The CVE-2011-3348 issue affects the Apache HTTP Server’s mod_proxy_ajp in combination with mod_proxy_balancer, where certain configurations allow remote attackers to trigger a denial of service by sending a malformed HTTP request. The vulnerability is described as causing a temporary error state ...

[SECURITY] Fedora 15 Update: php-5.3.8-1.fc15

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

[SECURITY] Fedora 14 Update: php-5.3.8-1.fc14

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Apache HTTP Server mod_proxy_ajp拒绝服务漏洞

CVECAN ID: CVE-2011-3348 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器，可以在大多数电脑操作系统中运行，由于其跨平台和安全性被广泛使用，是最流行的Web服务器端软件之一。 Apache HTTP Server的modproxybalancer在实现上存在安全漏洞，恶意用户可利用此漏洞造成拒绝服务。 此漏洞源于结合modproxybalancer使用时，modproxyajp中的畸形HTTP请求处理时的错误。通过发送特制的HTTP请求，可造成后端服务器故障，直到重试超时结束后才会结束临时DoS。 Apache Group...

[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)

This update includes the latest stable release of the Apache HTTP Server, version 2.2.21. Two security issues have been fixed : modproxyajp when combined with modproxybalancer: Prevents unrecognized HTTP methods from marking ajp: balancer members in an error state, avoiding denial of service...

Fedora Update for httpd FEDORA-2011-12715

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2011-12715 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...