Apache Httpd < 2.2.22 : mod_log_config crash

A flaw was found in modlogconfig. If the '%cookienameC' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

Preemptive Protection against Apache HTTPD mod_proxy_ajp Denial of Service (CVE-2011-3348)

A denial of service vulnerability has been reported in Apache httpd server...

Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)

An information disclosure vulnerability has been reported in Apache httpd server. The vulnerability is due to insufficient input validation by the server while using the RewriteRule or ProxyPassMatch directives. A remote attacker may exploit this vulnerability by sending a series of specially...

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

An additional exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web...

Apache Reverse Proxy Bypass

===============================ADVISORY============================== Systems Affected: Apache httpd Severity: High Category: Proxy Bypass Author: Context Information Security Ltd Reported to vendor: 16th November 2011 Advisory Issued: 5th October 2011 Reference: CVE-2011-3368...

Apache Httpd < 2.0.65 : mod_setenvif .htaccess privilege escalation

An integer overflow flaw was found which, when the modsetenvif module is enabled, could allow local users to gain privileges via a .htaccess file...

Apache Httpd < 2.2.22 : mod_setenvif .htaccess privilege escalation

An integer overflow flaw was found which, when the modsetenvif module is enabled, could allow local users to gain privileges via a .htaccess file...

Debian: Security Advisory (DSA-2298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2298-2 (apache2)

The remote host is missing an update to apache2 announced via advisory DSA 2298-2. OpenVAS Vulnerability Test $Id: deb22982.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2298-2 apache2 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

Oracle Releases Security Alert for Oracle HTTP Server Products

Oracle has released a security alert to address a vulnerability in Apache HTTPD. This vulnerability affects: Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0 Oracle Application Server 10g Release 3, version 10.1.3.5.0 Oracle Application Server 10g Release 2,...

Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure

An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...

Apache HTTPD Ranges Header Field Denial of Service (CVE-2011-3192)

A denial of service vulnerability has been reported in Apache httpd server. A remote attacker may exploit this vulnerability to cause a DoS condition in an affected server. The vulnerability is due to an error in Apache's http server while handling requests with malformed Range header values. A...

Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS

A flaw was found when modproxyajp is used together with modproxybalancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service...

[SECURITY] [DSA 2298-2] apache2 regression fix

------------------------------------------------------------------------- Debian Security Advisory DSA-2298-2 [email protected] http://www.debian.org/security/ Stefan Fritsch September 05, 2011 http://www.debian.org/security/faq -...

Apache HTTPd Range Header Denial of Service Vulnerability

The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence...

[SECURITY] [DSA 2298-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2298-1 [email protected] http://www.debian.org/security/ Stefan Fritsch August 29, 2011 http://www.debian.org/security/faq -...

[SECURITY] [DSA 2298-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2298-1 [email protected] http://www.debian.org/security/ Stefan Fritsch August 29, 2011 http://www.debian.org/security/faq -...

DSA-2298-1 apache2 - denial of service

Bulletin has no description...

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x &#40;CVE-2011-3192&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTPD Security ADVISORY ============================== UPDATE 2 Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x CVE: CVE-2011-3192 Last Change: 20110826 1030Z Date: 20110824 1600Z Product: Apache HTTPD Web Server Versions: Apache 1.3...