1187 matches found
The vulnerability of the Apache HTTP Server software allows a malicious attacker to compromise the accessibility of protected information.
The vulnerability exists in the mod_cgid module of the Apache HTTP Server due to the absence of a timeout mechanism. Exploiting this vulnerability allows malicious actors to cause a service failure by sending requests to a CGI script that ignores the data from its own stdin descriptor...
Apache Subversion httpd Server Denial of Service Vulnerability
Apache Subversion is an open source version control system from the Apache Software Foundation (United States). The system is mainly intended to be compatible with the Concurrent Versions System (CVS). The httpd server is one of its httpd servers. A denial-of-service vulnerability exists in t...
[SECURITY] Fedora 24 Update: php-5.6.20-1.fc24
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
http-apache-server-status NSE Script
Attempts to retrieve the server-status page for Apache webservers that have mod_status enabled. If the server-status page exists and appears to be from mod_status, the script will parse useful information such as the system uptime, Apache version and recent HTTP requests. References: Script Argument...
Default Apache Configuration Can Unmask Tor Hidden Services
Attention Tor Onion Hosters! A year old loophole in Apache Web Server, uncovered by an unknown Computer Science Student, could potentially unmask the real identity of .onion-domains and servers hidden behind the Tor-network. Although the loophole was reported on Reddit and to the Tor Project mont...
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled...
httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled...
Moderate: Red Hat Enhancement Advisory: Red Hat JBoss Web Server 3.0.1 enhancement update
Updated Red Hat JBoss Web Server 3.0.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apach...
Automated Evil Twin Attack: infernal-twin
Evil twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a lapto...
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
The vulnerability of the Apache HTTP Server web server allows attackers to trigger a service failure.
The vulnerability of the read_request_line function in the server/protocol.c component of the Apache HTTP Server is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted request...
Apache ap_some_auth_required() Security Bypass Vulnerability
Apache is an open source HTTPD service program. An unspecified security vulnerability exists in the Apache ap_some_auth_required function, where the Require directive is still used for authorization settings and displayed in the configuration because the program does not require authentication. A...
Apple MAC OS X Apache Server HTTP Authentication Bypass Vulnerability
Apple Mac OS X is a commercial operating system. The Apple Mac OS X default Apache configuration does not contain the mod_hfs_apple module, which allows remote attackers to exploit the vulnerability by submitting a special request to access HTTP authentication-protected directory information...
PT-2015-1596 · Apache +6 · Apache Http Server +6
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.14 Description: The issue is related to the improper parsing of chunk headers in the chunked transfer coding implementation, allowing remote attackers to conduct HTTP request smuggling attacks via a...
Websense Triton File Disclosure Vulnerability
Websense Triton is vulnerable to a file disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:websense:triton...
UBUNTU-CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP...
[SECURITY] Fedora 21 Update: php-5.6.7-1.fc21
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...