CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
[SECURITY] [DSA 3405-1] smokeping security update
Debian Security Advisory DSA-3405-1 https://www.debian.org/security/ Florian Weimer November 25, 2015 https://www.debian.org/security/faq...
Apache Httpd < 2.4.26 : mod_mime Buffer Overread
mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header...
Apache Httpd < 2.2.34 : mod_mime Buffer Overread
mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header...
CVE-2007-3303
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcin...
subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to...
Moderate: Red Hat Security Advisory: subversion security update
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Amazon Linux: Security Advisory (ALAS-2013-221)
The remote host is missing an update for the...
httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error...
DSA-3325-2 apache2 - regression update
Bulletin has no description...
Debian DSA-3331-1 : subversion - security update
Several security issues have been found in the server components of the version control system subversion. - CVE-2015-3184 Subversion's mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that...
CVE-2015-3184
CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...
[SECURITY] [DSA 3331-1] subversion security update
Debian Security Advisory DSA-3331-1 https://www.debian.org/security/ Stefan Fritsch August 10, 2015 https://www.debian.org/security/faq...
Debian Security Advisory DSA 3331-1 (subversion - security update)
Several security issues have been found in the server components of the version control system subversion. CVE-2015-3184 Subversion OpenVAS Vulnerability Test $Id: deb3331.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3331-1 using nvtgen 1.0 Script version: 1.0 Author...
UBUNTU-CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name...
Debian Security Advisory DSA 3325-1 (apache2 - security update)
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacki...
DSA-3325-1 apache2 - security update
Bulletin has no description...
F5 Networks BIG-IP : Apache HTTPD vulnerability (SOL16907)
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
SOL16907 - Apache HTTPD vulnerability CVE-2011-3607
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...