Apache Httpd < 2.2.29 : HTTP Trailers processing bypass

HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...

Obehotel CMS SQL Injection Vulnerability

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...

Obehotel CMS Denial Of Service / SQL Injection

OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY ------------------------- Title: OBEHOTEL CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing /...

MGASA-2013-0244 Updated subversion packages fixes security vulnerability

Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior. Commit access is required t...

Updated subversion packages fixes security vulnerability

Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior. Commit access is required t...

httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for handling by the moddavsvn module, but a certain href...

Apache Httpd < 2.4.16 : ap_some_auth_required API unusable

A design error in the "apsomeauthrequired" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for...

CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

Out-of-bounds

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

CVE-2013-4131

CVE-2013-4131 affects Subversion’s mod_dav_svn in the Apache httpd module. Versions 1.7.0–1.7.10 and 1.8.x prior to 1.8.1 can be remotely triggered by authenticated users through certain COPY, DELETE, or MOVE requests against a revision root to cause a denial of service (assertion failure or out-...

CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

FreeBSD : suPHP -- Privilege escalation (2fbfd455-f2d0-11e2-8a46-000d601460a4)

suPHP developer Sebastian Marsching reports : When the suPHPPHPPath was set, modsuphp would use the specified PHP executable to pretty-print PHP source files MIME type x-httpd-php-source or application/x-httpd-php-source. However, it would not sanitize the environment. Thus a user that was allowe...

KLA10068 Multiple vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary commands Below is a complete list of vulnerabilities 1. An improper DAV restriction vulnerability can be exploited remotely via a...

KLA10065 Multiple vulnerabilities in Apache httpd

Multiple serious vulnerabilities have been found in Apache httpd. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code, obtain sensitive information or bypass security restrictions. Below is a complete list of vulnerabilities 1. An...

subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.

Subversion Project reports: Subversion's moddavsvn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior...

Apache Httpd < 2.4.6 : mod_session_dbd session fixation flaw

A flaw in modsessiondbd caused it to proceed with save operations for a session without considering the dirty flag and the requirement for a new session ID...

SuSE 10 Security Update : subversion (ZYPP Patch Number 8552)

This update fixes several DoS vulnerabilities in subversion's moddavsvn Apache HTTPD server module. CVE-2013-1849 / CVE-2013-1846 / CVE-2013-1845 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...

suPHP -- Privilege escalation

suPHP developer Sebastian Marsching reports: When the suPHPPHPPath was set, modsuphp would use the specified PHP executable to pretty-print PHP source files MIME type x-httpd-php-source or application/x-httpd-php-source. However, it would not sanitize the environment. Thus a user that was allowed...