16 matches found

OSV
added 2022/03/21 8:18 p.m. | 22 views

MGASA-2022-0105 Updated apache packages fix security vulnerability

SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds. Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. Credits: Ronald Crane (Zippenhop LLC) SECURITY: CVE-2022-22721: core: Possible buffer...

CVSS 9.8 | AI score 8.9 | EPSS 0.60552
Exploits: 0 | References: 5

OSV
added 2021/12/21 11:27 p.m. | 19 views

MGASA-2021-0577 Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Uni...

CVSS 9.8 | AI score 7.4 | EPSS 0.86227
Exploits: 4 | References: 5

OSV
added 2021/10/06 2:38 p.m. | 22 views

MGASA-2021-0461 Updated apache packages fix security vulnerabilities

The updated packages fix security vulnerabilities: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in...

CVSS 9.8 | AI score 8.7 | EPSS 0.94391
Exploits: 144 | References: 5

OSV
added 2021/09/23 4:49 a.m. | 22 views

MGASA-2021-0439 Updated apache packages fix security vulnerability

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning (CVE-2021-33193). Malformed requests may cause the server to dereference a NULL pointer (CVE-2021-34798). A carefully crafted request uri-path can cause...

CVSS 9.8 | AI score 8.6 | EPSS 0.94432
Exploits: 6 | References: 5

OSV
added 2021/06/16 8:22 p.m. | 23 views

MGASA-2021-0265 Updated apache packages fix security vulnerabilities

mod_proxy_wstunnel tunneling of non Upgraded connections: Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connecti...

CVSS 9.8 | AI score 6.9 | EPSS 0.60353
Exploits: 0 | References: 3

OSV
added 2018/11/20 11:11 a.m. | 15 views

MGASA-2018-0460 Updated apache packages fix security vulnerabilities

mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...

CVSS 9.8 | AI score 6.9 | EPSS 0.93618
Exploits: 0 | References: 7

OSV
added 2018/01/01 10:38 a.m. | 23 views

MGASA-2018-0007 Updated apache packages fix security vulnerability

mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC (CVE-2016-0736)...

CVSS 9.8 | AI score 8.5 | EPSS 0.9384
Exploits: 17 | References: 6

OSV
added 2016/07/26 9:16 p.m. | 17 views

MGASA-2016-0262 Updated apache packages fix security vulnerability

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1 | AI score 7.9 | EPSS 0.51564
Exploits: 0 | References: 5

OSV
added 2015/03/06 6:8 p.m. | 7 views

MGASA-2015-0099 Updated apache packages fix CVE-2015-0228

Updated apache packages fix security vulnerability: In the mod_lua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash (CVE-2015-0228)...

CVSS 5 | AI score 6.2 | EPSS 0.15242
Exploits: 0 | References: 3

OSV
added 2013/07/26 11:34 a.m. | 7 views

MGASA-2013-0230 Updated apache packages fix CVE-2013-1896

Updated apache packages fix security vulnerability: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for...

CVSS 4.3 | AI score 6.2 | EPSS 0.43961
Exploits: 3 | References: 5

OSV
added 2013/06/19 10:11 a.m. | 4 views

MGASA-2013-0174 Updated apache packages fix security vulnerabilities

It was found that mod_rewrite did not filter terminal escape sequences from its log file. If mod_rewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the mod_rewrite log file. If a victim viewed the...

CVSS 5.1 | AI score 6.6 | EPSS 0.52396
Exploits: 2 | References: 4

Slackware Linux
added 2006/05/09 10:19 p.m. | 74 views

[slackware-security] Apache httpd

New Apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database: https://vulners.com/cve/CVE-2005-3352 In addition, new mod_ssl packages for...

CVSS 4.3 | AI score 9.3 | EPSS 0.2814
Exploits: 0

Tenable Nessus
added 2004/07/06 12:0 a.m. | 29 views

RHEL 2.1 : apache (RHSA-2003:360)

Updated Apache packages that fix a minor security issue are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue in the handling of regular expressions from configuration files was discovered in...

CVSS 7.2 | AI score 5.9 | EPSS 0.00523
Exploits: 0 | References: 4

securityvulns
added 2004/06/26 12:0 a.m. | 48 views

[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy

Debian Security Advisory DSA 525-1 http://www.debian.org/security/ Matt Zimmerman June 24th, 2004 http://www.debian.org/security/faq ...

CVSS 10 | AI score 0.4 | EPSS 0.23714
Exploits: 0

RedHat Linux
added 2002/08/08 9:20 a.m. | 5 views

Critical: Red Hat Security Advisory: openssl, mm security update for Stronghold

Updated Apache packages are available which fix several serious buffer overflow vulnerabilities in OpenSSL and a local privilege escalation vulnerability in MM. Note: Please read the "Solution" section below as there are special upgrade instructions for this errata. OpenSSL is a...

CVSS 7.5 | AI score 6.2 | EPSS 0.8906
Exploits: 3 | References: 1

Slackware Linux
added 2002/06/19 9:18 p.m. | 9 views

new apache/mod_ssl packages available

...

AI score 7.1
Exploits: 0