45 matches found
EUVD-2013-1853
Malware in sbrugna...
mod_auth_openidc: DoS via Empty POST in mod_auth_openidc with OIDCPreservePost Enabled
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ap_escape_html2 function. The issue results from the lack of proper validation of...
Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS
Don’t duck at the latest mention of Apache: Two critical bugs in its HTTP web server – HTTPD – need to be patched pronto, lest they lead to attackers triggering denial of service (DoS) or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library...
SonicWall Secure Mobile Access Multiple Vulnerabilities (SNWLID-2021-0026)
According to its self-reported version, the remote SonicWall Secure Mobile Access is affected by multiple vulnerabilities, including: - An unauthenticated stack-based buffer overflow due to the SonicWall SMA SSLVPN Apache httpd server GET method of mod_cgi module environment variables use a single...
CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
CVE-2021-20038
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server’s mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a ‘nobody’ user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
PT-2021-5651 · Apache +1 · Apache Http Server +6
Name of the Vulnerable Software and Affected Versions: SonicWall SMA 100 Appliances version 10.2.0.8-37sv SonicWall SMA 100 Appliances version 10.2.1.1-19sv SonicWall SMA 100 Appliances version 10.2.1.2-24sv SonicWall SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19s...
Debian DSA-4757-1 : apache2 - security update
Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2020-1927 Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. - CVE-2020-1934 Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a...
[SECURITY] Fedora 29 Update: mod_http2-1.11.1-1.fc29
The mod_h2 Apache httpd module implements the HTTP/2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...
[SECURITY] [DLA 1389-1] apache2 security update
Package : apache2 Version : 2.2.22-13+deb7u13 CVE ID : CVE-2017-15710 CVE-2018-1301 CVE-2018-1312 Debian Bug : Several vulnerabilities have been found in the Apache HTTPD server. CVE-2017-15710 Alex Nichols and Jakob Hirsch reported that mod_authnz_ldap, if configured with AuthLDAPCharsetConfig,...
Debian DSA-3896-1 : apache2 - security update
Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2017-3167 Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. - CVE-2017-3169 Vasileios Panopoulos of...
[SECURITY] [DSA 3896-1] apache2 security update
Debian Security Advisory DSA-3896-1 https://www.debian.org/security/ Salvatore Bonaccorso June 22, 2017 https://www.debian.org/security/faq -...
Amazon Linux: Security Advisory (ALAS-2013-221)
The remote host is missing an update for the...
DSA-3325-2 apache2 - regression update
Bulletin has no description...
CVE-2014-8108
The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...
CVE-2014-8108
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...
Amazon Linux AMI : subversion (ALAS-2013-269)
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. The get_parent_resource...
CVE-2013-4558
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache...
CVE-2013-4131
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...