5842 matches found
Design/Logic Flaw
The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
Design/Logic Flaw
modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...
CVE-2010-0434
The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
CVE-2010-0434
The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
CVE-2010-0425
modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...
CVE-2010-0425
CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...
CVE-2010-0434
CVE-2010-0434 affects the Apache HTTP Server 2.2.x series (pre-2.2.15) where the ap_read_request handling in server/protocol.c for multithreaded MPMs could disclose memory contents by accessing headers of subrequests tied to an earlier request. Public sources in connected docs (e.g., Debian secur...
CVE-2010-0434
The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
Design/Logic Flaw
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
CVE-2010-0408
The approxyajprequest function in modproxyajp.c in modproxyajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service backend server outage via a crafted request,...
CVE-2010-0434
The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain...
Apache HTTP Server Multiple Security Vulnerabilities
Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Fedora Update for httpd FEDORA-2009-12747
Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2009-12747 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
[SECURITY] Fedora 11 Update: httpd-2.2.14-1.fc11
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Low: Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.1 update
JBoss Enterprise Web Server 1.0.1 is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Web Server is a fully integrated and certified set of components for hosting Java web...
CVE-2003-1581
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log...
CVE-2003-1581
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log...
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...
CVE-2003-1580
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...