GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200409-21 Apache 2, moddav: Multiple vulnerabilities A potential infinite loop has been found in the input filter of modssl CAN-2004-0748 as well as a possible segmentation fault in the charbufferread function if reverse proxying ...

Apache Httpd < 2.0.51 : WebDAV remote crash

An issue was discovered in the moddav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...

Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

DEBIAN-CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)

No description provided by source. include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip; bzero&hrm.sinzero,8;...

Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)

Exploit for linux platform in category dos / poc ======================================================== Apache HTTPd Arbitrary Long HTTP Headers DoS c version ======================================================== include include include include include include include include include define ...

Fedora Core 2 : httpd-2.0.50-2.1 (2004-204)

This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak CVE-2004-0493, and a buffer overflow in modssl which can be triggered only by a trusted client certificate with a long subject DN field CVE-2004-0488. Note that...

Fedora Core 1 : httpd-2.0.49-1.1 (2004-117)

This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in modssl which can be triggered remotely CVE-2004-0113, and a fix for escaping of error log output CVE-2003-0020. This update also includes an enhanced version of the modcgi module whic...

Fedora Core 1 : httpd-2.0.50-1.0 (2004-203)

This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak CVE-2004-0493, and a buffer overflow in modssl which can be triggered only by a trusted client certificate with a long subject DN field CVE-2004-0488. Note that...

Apache HTTPd Arbitrary Long HTTP Headers DoS

Exploit for unknown platform in category dos / poc ============================================ Apache HTTPd Arbitrary Long HTTP Headers DoS ============================================ /usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html...

Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash

An issue was discovered in the modssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...

Apache Httpd < 2.0.51 : SSL connection infinite loop

An issue was discovered in the modssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

Apache Httpd < 2.0.50 : Header parsing memory leak

A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...

Apache Httpd < 2.0.45 : Line feed memory leak DoS

Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service memory consumption via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...