Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers

The experimental moddiskcache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...

Apache Httpd < 2.0.49 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

BUG IN APACHE HTTPD SERVER &#40;current version 2.0.47&#41;

APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...

Apache Httpd < 1.3.31 : mod_digest nonce checking

moddigest does not properly verify the nonce of a client response by using a AuthNonce secret. This could allow a malicious user who is able to sniff network traffic to conduct a replay attack against a website using Digest protection. Note that moddigest implements an older version of the MD5...

Apache Httpd < 1.3.31 : Allow/Deny parsing on big-endian 64-bit platforms

A bug in the parsing of Allow/Deny rules using IP addresses without a netmask on big-endian 64-bit platforms causes the rules to fail to match...

Moderate: Red Hat Security Advisory: : Updated httpd packages fix Apache security vulnerabilities

Updated httpd packages that fix several minor security issues are now available for Red Hat Linux 8.0 and 9. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in modssl included with Apache 2...

Apache Httpd < 1.3.29 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

Apache Httpd < 2.0.48 : Local configuration regular expression overflow

By using a regular expression with more than 9 captures a buffer overflow can occur in modalias or modrewrite. To exploit this an attacker would need to be able to create a carefully crafted configuration file .htaccess or httpd.conf...

Apache Httpd < 1.3.28 : RotateLogs DoS

The rotatelogs support program on Win32 and OS/2 would quit logging and exit if it received special control characters such as 0x1A...

Apache Httpd < 2.0.47 : Remote DoS with multiple Listen directives

In a server with multiple listening sockets a certain error returned by accept on a rarely access port can cause a temporary denial of service, due to a bug in the prefork MPM...

Apache Httpd < 2.0.47 : Remote DoS via IPv6 ftp proxy

When a client requests that proxy ftp connect to a ftp server with IPv6 address, and the proxy is unable to create an IPv6 socket, an infinite loop occurs causing a remote Denial of Service...

Apache Httpd < 1.3.32 : mod_proxy buffer overflow

A buffer overflow was found in the Apache proxy module, modproxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...

Apache Httpd < 2.0.46 : OS2 device name DoS

Apache on OS2 up to and including Apache 2.0.45 have a Denial of Service vulnerability caused by device names...

Important: Red Hat Security Advisory: : Updated mod_auth_any packages available

Updated modauthany packages are now available for Red Hat Linux. modauthany is a Web server module that allows the Apache httpd server to call arbitrary external programs to verify user passwords. Vulnerabilities have been found in the way modauthany escapes shell arguments when calling external...

Apache Httpd < 2.0.47 : mod_ssl renegotiation issue

A bug in the optional renegotiation code in modssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used SSLOptions +OptRenegotiate along with verification of client certificates and a change to the cipher suite over the...

Apache Httpd < 2.0.46 : Basic Authentication DoS

A build system problem in Apache 2.0.40 through 2.0.45 allows remote attackers to cause a denial of access to authenticated content when a threaded server is used...

Apache Httpd < 2.0.46 : APR remote crash

A vulnerability in the aprpsprintf function in the Apache Portable Runtime APR library allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via long strings, as demonstrated using XML objects to moddav, and possibly other vectors...

Apache Httpd < 1.3.26 : Filtered escape sequences

Apache did not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 1.3.31 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...

Apache Httpd < 2.0.49 : Error log escape filtering

Apache does not filter terminal escape sequences from error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...