Apache Httpd < 2.4.10 : mod_proxy denial of service

A flaw was found in modproxy in httpd versions 2.4.6 to 2.4.9. A remote attacker could send a carefully crafted request to a server configured as a reverse proxy, and cause the child process to crash. This could lead to a denial of service against a threaded MPM...

httpd: mod_dav denial of service via crafted DAV WRITE request

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

KLA10067 DoS vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Vectors related to modlogconfig can be exploited remotely via a specially designed cookie; 2. An improper...

MGASA-2014-0135 Updated apache packages fix security vulnerabilities

Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098...

Apache Httpd < 2.4.9 : mod_log_config crash

A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

Apache Httpd < 2.2.27 : mod_log_config crash

A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

Internet Bug Bounty: moderate: mod_deflate denial of service

A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...

Apache Httpd < 2.4.10 : mod_deflate denial of service

A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...

Apache Httpd < 2.2.29 : mod_deflate denial of service

A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...

subversion -- mod_dav_svn vulnerability

Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this...

Amazon Linux AMI : subversion (ALAS-2013-269)

The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request. The getparentresource...

Apache Httpd < 2.2.27 : mod_dav crash

XML parsing code in moddav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provide...

Apache Httpd < 2.4.9 : mod_dav crash

XML parsing code in moddav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provide...

CVE-2013-4558

The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...

CVE-2013-4558

The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...

CVE-2013-4558

CVE-2013-4558 affects Subversion’s mod_dav_svn in Apache HTTPD when built with assertions and SVNAutoversioning enabled, allowing remote DoS via a non-canonical URL (trailing /). Affected versions: Subversion 1.7.11–1.7.13 and 1.8.1–1.8.4. Root cause: assertion triggered by non-canonical requests...

Internet Bug Bounty Pays $5,000 for Severe Bugs

A bounty program begun by a bevy of industry heavyweights, including Microsoft and Facebook, will pay good money to white hats, researchers and even aspiring young hackers who find bugs in any of a dozen technologies central to the vitality and trustworthiness of the Internet. Dubbed the Internet...

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

Opolis.eu suffers from cross site request forgery, cross site scripting, denial of service, and remote blind SQL injection vulnerabilities. The vendor has not responded to the researchers reports of these issues...

Opolis.eu Secure Mail Blind SQL Injection / XSS / CSRF / DoS

========================================================================================================================================================================= OPOLIS.EU SECURE MAIL Blind SQLInjection / Cross site scripting / CSRF / Apacche httpd Remote D.O.S /PHP hangs on parsing...

Apache Httpd < 2.4.7 : mod_cache crash

A NULL pointer dereference was found in modcache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. Note that this vulnerability was fixed in the 2.4.7 release, but the security impact was not disclosed at the time of the release...