979 matches found
Subversion -- multiple vulnerabilities
Subversion team reports: Subversion's mod_dav_svn Apache HTTPD server module will use excessive amounts of memory when a large number of properties are set or deleted on a node. Subversion's mod_dav_svn Apache HTTPD server module will crash when a LOCK request is made against activity URLs...
CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory...
CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL...
Apache Httpd < 2.0.65 : mod_rewrite log escape filtering
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.2.25 : mod_rewrite log escape filtering
mod_rewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.4.6 : mod_dav crash
Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault...
Debian DSA-2637-1 : apache2 - several issues
Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. - CVE-2012-4558 Mod_proxy_balancer did n...
[SECURITY] [DSA 2637-1] apache2 security update
Debian Security Advisory DSA-2637-1 [email protected] http://www.debian.org/security/ Stefan Fritsch March 04, 2013 http://www.debian.org/security/faq ...
RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)
Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. The Red Hat Network Proxy Server 4.2....
CVE-2012-4556
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query...
Null pointer dereference
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecifie...
CVE-2012-4555
CVE-2012-4555 affects Red Hat Certificate System (RHCS) pki-tps before version 8.1.3. The vulnerability arises from improper handling of interruptions during token format operations, allowing a remote attacker to cause a denial of service via a NULL pointer dereference, crashing the Apache httpd ...
CVE-2012-4555
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecifie...
CVE-2012-4556
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query...
CVE-2012-4556
CVE-2012-4556 affects Red Hat Certificate System (RHCS) under the token processing component pki-tps. The issue allows remote attackers to cause a denial-of-service by triggering an Apache httpd child process restart through certain unspecified empty search fields in a user certificate search que...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
Moderate: Red Hat Security Advisory: pki security update
Updated pki-common and pki-tps packages that fix multiple security issues are now available for Red Hat Certificate System 8.1. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Debian Security Advisory DSA 2579-1 (apache2)
The remote host is missing an update to apache2 announced via advisory DSA 2579-1. OpenVAS Vulnerability Test $Id: deb25791.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2579-1 (apache2) Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
Debian: Security Advisory (DSA-2579-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Httpd < 2.2.22 : mod_proxy_ajp remote DoS
A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of...