77 matches found
GLSA-200410-21 : Apache 2, mod_ssl: Bypass of SSLCipherSuite directive
The remote host is affected by the vulnerability described in GLSA-200410-21 (Apache 2, mod_ssl: Bypass of SSLCipherSuite directive). A flaw has been found in mod_ssl where the 'SSLCipherSuite' directive could be bypassed in certain configurations if it is used in a directory or location context to...
CVE-2003-0020
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Chunked Encoding Remote Overflow / DoS
Apache < 1.3.14 Multiple Forward Slash Directory Listing
Mac OS X 10.5 < 10.5.7 Multiple Vulnerabilities
Apache - Arbitrary Long HTTP Headers Denial of Service
include include include include include include include include include define A 0x41 define PORT 80 struct sockaddrin hrm; int connchar ip int sockfd; hrm.sinfamily = AFINET; hrm.sinport = htonsPORT; hrm.sinaddr.saddr = inetaddrip; bzero&hrm.sinzero,8; sockfd=socketAFINET,SOCKSTREAM,0;...
Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2004:046-1)
Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages. Thanks to Ralf Engelschall of OpenPKG for providing the patches. Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences from its...
Mandrake Linux Security Advisory : apache2 (MDKSA-2004:055)
A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided packages are patched to preve...
Mandrake Linux Security Advisory : apache (MDKSA-2001:077-1)
A problem exists with all Apache servers prior to version 1.3.19. The vulnerability could allow directory indexing and path discovery on the vulnerable servers with a custom crafted request consisting of a long path name created artificially by using numerous slashes. This can cause modules to...
Mandrake Linux Security Advisory : apache2 (MDKSA-2004:064)
A Denial of Service (DoS) condition was discovered in Apache 2.x by George Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of memory. On 64bit systems with more than 4GB of virtual memory, this may also lead to a heap-based overflow. The updated packages contain a patch fr...
Mandrake Linux Security Advisory : apache2 (MDKSA-2003:050)
A memory leak was discovered in Apache 2.0 through 2.0.44 that can allow a remote attacker to cause a significant denial of service (DoS) by sending requests containing a lot of linefeed characters to the server. As well, Apache does not filter terminal escape sequences from its log files, which...
Solaris 9 (sparc) : 113146-13
SunOS 5.9: Apache Security Patch. Date this patch was last updated by Sun: Mar/05/10. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates.
RHEL 2.1 : apache (RHSA-2002:251)
Updated apache and httpd packages are available which fix a number of security issues for Red Hat Linux Advanced Server 2.1. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Buffe...
[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy
Debian Security Advisory DSA 525-1, http://www.debian.org/security/, Matt Zimmerman, June 24th, 2004, http://www.debian.org/security/faq -...
Apache mod_disk_cache stores client authentication credentials on disk
Summary: mod_disk_cache stores all client authentication credentials for cached objects on disk. This means proxy authentication credentials as well as, in certain RFC2616 defined cases, standard authentication credentials. In case of Basic...
CVE-2004-1834
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information...
CVE-2003-0249
PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache...
[RHSA-2003:320-01] Updated httpd packages fix Apache security vulnerabilities
Red Hat Security Advisory. Synopsis: Updated httpd packages fix Apache security vulnerabilities. Advisory ID: RHSA-2003:320-01. Issue date: 2003-12-16. Updated on: 2003-12-16. Product:...
apache security update
Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to...
CVE-2003-0789
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client...