81 matches found
Solaris 9 (x86) : 114145-12
SunOS 5.9x86: Apache Security Patch. Date this patch was last updated by Sun : Mar/05/10 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
Multiple Apache vulnerabilities
modssl memory leak, logfile terminal escape sequences injection...
CVE-2003-0542
Multiple stack-based buffer overflows in 1 modalias and 2 modrewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service crash or execute arbitrary code via a regular expression with more than 9 captures...
Apache 2.0.x < 2.0.48 Multiple Vulnerabilities (OF, Info Disc.)
The remote host appears to be running a version of Apache 2.0.x prior to 2.0.48. It is, therefore, affected by multiple vulnerabilities : - The modrewrite and modalias modules fail to handle regular expressions containing more than 9 captures resulting in a buffer overflow. - A vulnerability may...
Apache < 1.3.28 Multiple Vulnerabilities (DoS, ID)
The remote host appears to be running a version of Apache which is older than 1.3.28 There are several flaws in this version, including a denial of service in redirect handling, a denial of service with control character handling in the 'rotatelogs' utility and a file descriptor leak in third-par...
CVE-2003-0192
Apache 2 before 2.0.47, and certain versions of modssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite...
Apache 2.0.x < 2.0.45 Multiple Vulnerabilities (DoS, File Write)
The remote host is running a version of Apache 2.0.x that is prior to 2.0.45. It is, therefore, reportedly affected by multiple vulnerabilities : - There is a denial of service attack that could allow an attacker to disable this server remotely. - The httpd process leaks file descriptors to child...
Important: Red Hat Security Advisory: apache, openssl security update for Stronghold
Updated versions of cross-platform Stronghold 4 are available to fix a number of vulnerabilities in OpenSSL and Apache. Stronghold 4 contains various open source technologies such as OpenSSL and Apache. A number of issues have been found in versions of these projects: Researchers discovered a...
Important: Red Hat Security Advisory: apache, openssl, php security update for Stronghold
Updated versions of Stronghold 3.0 are available to fix a number of vulnerabilities in OpenSSL, Apache, and PHP. Stronghold 3.0 contains a number of open source technologies such as OpenSSL, Apache, and PHP. The following paragraphs describe a number of issues that have been found in versions of...
Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold
Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for modproxy and the modauthzldap package. Stronghold 4 cross platform contains a number of open source technologies suc...
Apache < 2.0.44 DOS Device Name Multiple Remote Vulnerabilities (Code Exec, DoS)
The remote host appears to be running a version of Apache for Windows that is older than 2.0.44. There are several flaws in this version that allow an attacker to crash this host or even execute arbitrary code remotely, but it only affects WindowsME and Windows9x. Note that Nessus solely relied o...
[SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 195-1 [email protected] http://www.debian.org/security/ Martin Schulze November 13th, 2002 http://www.debian.org/security/faq -...
DSA-195 apache-perl - several vulnerabilities
Bulletin has no description...
[SECURITY] [DSA 187-1] New Apache packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 187-1 [email protected] http://www.debian.org/security/ Martin Schulze November 4th, 2002 http://www.debian.org/security/faq -...
Apache < 1.3.27 Multiple Vulnerabilities (DoS, XSS)
The remote host is running a version of Apache web server prior to 1.3.27. It is, therefore, affected by multiple vulnerabilities : - There is a cross-site scripting vulnerability caused by a failure to filter HTTP/1.1 'Host' headers that are sent by browsers. - A vulnerability in the handling of...
Multiple bugs in Apache scoreboard
Any euid Apache process can DoS system by launching large number of child process and sending SIGUSR1 to any process as root. Buffer overflow in ab...
Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow
/ openssl-too-open.c - OpenSSL remote exploit Spawns a nobody/apache shell on Apache, root on other servers. by Solar Eclipse Thanks to Core, HD Moore, Zillion, Dvorak and Black Berry for their help. This code or any derivative versions of it may not be posted to Bugtraq or anywhere on...
Дырки в Apache (information leakage, directory traversal)
При создании .log-файла виртуального сервера не проверяется правильность заголовка Host, переданного клиентом, что позволяет создать лог файл в любом каталоге. В некоторых случаях возможно получить листинг каталога добавив /?M=D к запросу...
[CLA-2001:430] Conectiva Linux Security Announcement - apache
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : apache SUMMARY : Remote vulnerabilities in Apache...
CVE-2001-0131
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack...