apr-util billion laughs attack

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

Apache HTTP Server Version

The remote host is running the Apache HTTP Server, an open source web server. It was possible to read the version number from the banner. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid48204; scriptversion"1.20"; scriptsetattributeattribute:"pluginmodificationdate",...

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

Path traversal

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

CVE-2010-1452

CVE-2010-1452 affects Apache HTTP Server 2.2.x (before 2.2.16) via the mod_cache and mod_dav components. A request that lacks a path can crash the server, causing a denial of service. Debian advisories and related vendor notes confirm the issue and describe fixes/upgrades to 2.2.16 (and subsequen...

CVE-2010-1452

The 1 modcache and 2 moddav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service process crash via a request that lacks a path...

Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities

Apache HTTP Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to deny service to legitimate users. Versions prior to Apache 2.2.16 are vulnerable. OpenVAS Vulnerability Test $Id: gbapache41963.nasl 5263 2017-02-10 13:45:51Z teissa $ Apache...

Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities

Apache HTTP Server is prone to multiple remote denial-of-service vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...

Apache Byte-Range Filter Denial of Service (CVE-2005-2728)

Apache HTTP Server is the most widely deployed web servers on the Internet. Apache HTTP server is capable of running on Microsoft Windows and wide variety of Unix-like platforms. The server may be run as a standalone web server, a proxy, or a reverse proxy. There exists a denial of service...

Fedora 13 : httpd-2.2.15-1.fc13 (2010-5942)

The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server 'httpd'. This version is principally a security and bugfix release. Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses...

Fedora 11 : httpd-2.2.15-1.fc11.1 (2010-6131)

The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server 'httpd'. This version is principally a security and bugfix release. Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses...

Apache HTTP Server mod_negotiation Filename Handling Cross Site Scripting (CVE-2008-0455)

Apache HTTP server is a web server application that has a very broad user base. The software is made compliant to most W3C standards and recommendation. Apache HTTP server has a modular framework for developing and loading feature extension modules. Some of the Apache HTTP server features are...

Apache mod_proxy_http模块超时处理信息泄露漏洞

BUGTRAQ ID: 40827 CVE ID: CVE-2010-2068 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server的modproxyhttp模块中的modproxyhttp.c文件没有正确地检测超时，在某些超时情况下服务器可能返回属于其他用户的响应，导致泄漏敏感信息。仅有可触发使用代理worker池的配置才受影响。 Apache 2.2.x 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Design/Logic Flaw

modproxyhttp.c in modproxyhttp in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive...

CVE-2010-2068

modproxyhttp.c in modproxyhttp in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive...

CVE-2010-2068

modproxyhttp.c in modproxyhttp in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive...

CVE-2010-2068

CVE-2010-2068 affects Apache HTTP ServerAffected: mod_proxy_http.c in Apache HTTP Server 2.2.9–2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, OS/2 in certain proxy worker pool configurations.Root cause: timeout handling in mod_proxy_http did not correctly detect timeouts, allowing a re...

Fedora Update for httpd FEDORA-2010-6055

Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2010-6055 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

[SECURITY] Fedora 12 Update: httpd-2.2.15-1.fc12.2

The Apache HTTP Server is a powerful, efficient, and extensible web server...