266 matches found
F5 Networks BIG-IP : Apache vulnerability (K16863)
The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass 'RequestHeader unset' directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states 'this is not a security issue in httpd as such.' CVE-2013-5704 C...
F5 Networks BIG-IP : Apache vulnerability (SOL17251)
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension...
SOL52470083 - Apache vulnerability CVE-2010-0408
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
SUSE-SU-2015:1885-2 Security update for apache2
Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache bsc938728, CVE-2015-3183 Bugs fixed: - add SSLSessionTickets directive bsc941676 - hardcode modules %files bsc444878 - only enable...
F5 Networks BIG-IP : Apache vulnerability (SOL15902)
Memory leak in the aprbrigadesplitline function in buckets/aprbrigade.c in the Apache Portable Runtime Utility library aka APR-util before 1.3.10, as used in the modreqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service memory...
Apache ErrorDocument 400 Points to Denial of Service Vulnerability
Apache is an open source HTTPD service program. A security vulnerability exists in Apache that allows a remote user to crash an application via ErrorDocument 400 pointing to a local URL path containing an active INCLUDES filter, resulting in a denial-of-service attack...
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
PT-2014-3641 · Apache +1 · Apache +1
Name of the Vulnerable Software and Affected Versions: FusionForge affected versions not specified Description: The issue is related to an insecure Apache configuration that is shipped with FusionForge. Recommendations: At the moment, there is no information about a newer version that contains a...
F5 Networks BIG-IP : Apache vulnerability (SOL15920)
Stack consumption vulnerability in the fnmatch implementation in aprfnmatch.c in the Apache Portable Runtime APR library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows...
SOL15920 - Apache vulnerability CVE-2011-0419
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. BIG-IP and...
F5 Networks BIG-IP : Apache vulnerability (SOL15273)
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...
Apache vulnerabilities-after suffix name parsing vulnerability-vulnerability warning-the black bar safety net
We all know that windows2003 + IIS6. 0, if the directory structure has xxx. asp such a directory, then all the directory of the file regardless of the extension of what are as asp to parse. We generally call this the loophole for windows2003+iis6. 0 directory to resolve the vulnerability. Blog...
PHPCMS v9 Getshell(apache parse-a vulnerability warning-the black bar safety net
Vulnerability type: file upload leads to arbitrary code execution Brief description: phpcms v9 getshell apache Detailed description: Vulnerability file: phpcms\modules\attachment\attachments.php 1. public function cropupload 2. isset$GLOBALS"HTTPRAWPOSTDATA" 3. $pic = $GLOBALS"HTTPRAWPOSTDATA"; 4...
CVE-2012-2760
modauthopenid before 0.7 for Apache uses world-readable permissions for /tmp/modauthopenid.db, which allows local users to obtain session ids...
PHP 5.4.x < 5.4.3 Multiple Vulnerabilities
Binary data 6495.prm...
Debian Security Advisory DSA 2452-1 (apache2)
The remote host is missing an update to apache2 announced via advisory DSA 2452-1. OpenVAS Vulnerability Test $Id: deb24521.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2452-1 apache2 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
SOL13277 - Apache vulnerability CVE-2009-2412
Recommended action ARX To eliminate this vulnerability, upgrade to a version that is listed in the Versions known to be not vulnerable column of the table. To mitigate this vulnerability, do not enable access to the ARX management API. Supplemental Information Note: The previous link takes you to...
(mod_dav_svn): File contents disclosure of files configured to be unreadable by those users
The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...
Ubuntu Update for apache2 vulnerability USN-990-2
Ubuntu Update for Linux kernel vulnerabilities USN-990-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN9902.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for apache2 vulnerability USN-990-2 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
USN-813-2: Apache vulnerability
USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed...