979 matches found
DSA-1970-1 openssl - denial of service
Bulletin has no description...
RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several...
RHEL 4 : Satellite Server (RHSA-2008:0261)
Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal...
Apache Httpd < 1.3.42 : mod_proxy overflow on 64-bit systems
An incorrect conversion between numeric types flaw was found in the modproxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted...
Apache Httpd < 2.0.64 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 2.2.17 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Fedora 12 : httpd-2.2.14-1.fc12 (2009-12606)
This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could u...
Fedora 10 : httpd-2.2.14-1.fc10 (2009-12604)
This update contains the latest stable release of Apache httpd. Three security fixes are included, along with several minor bug fixes. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could u...
Apache Httpd < 2.2.15 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...
Apache Httpd < 2.0.64 : Subrequest handling of request headers (mod_headers)
A flaw in the core subrequest process code was fixed, to always provide a shallow copy of the headersin array to the subrequest, instead of a pointer to the parent request's array as it had for requests without request bodies. This meant all modules such as modheaders which may manipulate the inp...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...
httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...
httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...
Important: Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update
Red Hat Application Stack v2.4 is now available. This update fixes several security issues and adds various enhancements. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Application Stack v2.4 is an integrated open source application...
Apache Httpd < 2.2.14 : mod_proxy_ftp FTP command injection
A flaw was found in the modproxyftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Apache Httpd < 2.0.64 : mod_proxy_ftp FTP command injection
A flaw was found in the modproxyftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Apache Httpd < 2.0.64 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 2.2.17 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
The remote host is missing an update to apache-modsecurity announced via advisory MDVSA-2009:183. OpenVAS Vulnerability Test $Id: mdksa2009183.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:183 apache-modsecurity Authors: Thomas Reinke Copyright:...
Apache Httpd < 2.2.14 : Solaris pollset DoS
Faulty error handling was found affecting Solaris pollset support Event Port backend caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service...