154 matches found
Debian DSA-4353-1 : php7.0 - security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a 'Transfer-Encoding:...
Unspecified Vulnerability in Phusion Passenger
Phusion Passenger is an Apache module for deploying Ruby on Rails projects on Apache and Nginx web servers from Phusion Netherlands. A security vulnerability exists in the 'switchGroup' function in the agent/ExecHelper/ExecHelperMain.cpp file in Phusion Passenger, which stems from the program...
Multiple F5 products apache_auth_token_mod and mod_auth_f5_auth_token.cpp Apache module brute force vulnerability
F5 BIG-IP LTM and so on are products of F5 Corporation of the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. apache_auth_token_mod and mod_auth_f5_auth_token.cpp are among the modules. apache_auth_token_mod is an antitrust module...
puppetlabs-apache module information disclosure vulnerability
Puppet is a configuration management tool from Puppet Labs of the United States, based on a client/server (C/S) architecture; it can be used to manage configuration files, users, cron tasks, packages, system services and so on. The puppetlabs-apache module is one of the virtual hosts and Web...
DEBIAN-CVE-2017-2299
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the ssl_ca parameter but do not specify the ssl_certs_dir parameter, a default will be provided for the ssl_certs_dir that will trust certificates from any of the...
UBUNTU-CVE-2017-2299
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the ssl_ca parameter but do not specify the ssl_certs_dir parameter, a default will be provided for the ssl_certs_dir that will trust certificates from any of the...
Mod_Nss Module Information Disclosure Vulnerability
mod_nss is a module that provides encryption for the Apache HTTP server based on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and uses the Network Security Services (NSS) security library to provide encryption. A security vulnerability exists in versions of the mod_nss modu...
PT-2017-8960 · Apache +1 · Subversion +3
Name of the Vulnerable Software and Affected Versions: Subversion as packaged in Red Hat Enterprise Linux 5.11. Description: The issue allows remote authenticated users with access to the webdav repository to cause a denial of service, resulting in memory consumption and httpd crash, due to improp...
Phusion Passenger Elevation of Privilege Vulnerability
Phusion Passenger is an Apache module for deploying Ruby on Rails projects on Apache and Nginx web servers from Phusion Netherlands. An elevation of privilege vulnerability exists in versions of Phusion Passenger prior to 5.1.0. A local attacker can exploit this vulnerability to gain privileges...
DEBIAN-CVE-2017-6413
The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" aka mod_auth_openidc module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP...
[SECURITY] Fedora 23 Update: php-5.6.26-1.fc23
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
CVE-2016-6312
A denial of service vulnerability was found in Subversion. The mod_dontdothat component of the mod_dav_svn Apache module did not properly protect against exponential XML entity expansion attacks. An attacker with credentials to the webdav repository could send a crafted message that would result in...
Mod_Nss Security Bypass Vulnerability
mod_nss is a module that provides encryption for the Apache HTTP server based on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and uses the Network Security Services (NSS) security library to provide encryption. A security bypass vulnerability exists in mod_nss version 1.0.1...
Phusion Passenger Spoofing Vulnerability
Phusion Passenger is an Apache module for deploying Ruby on Rails projects on Apache and Nginx web servers. A security vulnerability exists in the agent/Core/Controller/SendRequest.cpp file of Phusion Passenger, which allows a remote attacker to forge the request header passed to the application ...
MGASA-2015-0254 Updated apache-mod_jk package fixes security vulnerability
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
php: pipelined request executed in deinitialized interpreter under httpd 2.4
A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code...
Debian Security Advisory DSA 3278-1 (libapache-mod-jk - security update)
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...
DLA-170-1 mod-gnutls - security update
Bulletin has no description...
[SECURITY] [DSA 3177-1] mod-gnutls security update
Debian Security Advisory DSA-3177-1, http://www.debian.org/security/, Sebastien Delafond, March 10, 2015, http://www.debian.org/security/faq ...
Phusion Passenger Symbolic Link Attack Vulnerability (CNVD-2015-01260)
Phusion Passenger is an Apache module from the Dutch company Phusion for easier deployment of Ruby on Rails projects on Apache and Nginx web servers. Phusion Passenger 4.0.37 suffers from a symbolic link attack vulnerability due to the program not creating temporary files in a secure manner. An...