5747 matches found
CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cg...
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
Important: bash
Issue Overview: GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vecto...
Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)
A denial of service vulnerability exists in Apache HTTP server. The vulnerability exists in the mod_deflate module and is due to a resource exhaustion that is related to request body decompression configuration. A remote, unauthenticated attacker can leverage this vulnerability by sending a...
Apache HTTP Server error handling malformed HTTP headers Denial of Service (CVE-2014-0117)
A denial of service vulnerability has been reported in Apache HTTP server. The vulnerability is due to an error handling malformed HTTP headers. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server...
[SECURITY] Fedora 19 Update: php-5.5.16-1.fc19
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
GLSA-201408-12 : Apache HTTP Server: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201408-12 (Apache HTTP Server: Multiple vulnerabilities). Multiple vulnerabilities have been found in Apache HTTP Server. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could send a special...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 update
Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 5 and 6, Solaris, and Microsoft Windows. Red Hat Product Security has rated this update as having Important security impact. Common...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 update
Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.0 update
Red Hat JBoss Web Server 2.1.0, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Fedora 19 : httpd-2.4.10-1.fc19 (2014-9057)
This update includes the latest stable release of the Apache HTTP Server, httpd 2.4.10, fixing a number of security issues. http://www.apache.org/dist/httpd/Announcement2.4.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...
CentOS 5 / 6 : php / php53 (CESA-2014:1012)
Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
httpd: mod_cgid denial of service
A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...
httpd: mod_status heap-based buffer overflow
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd chi...
Moderate: Red Hat Security Advisory: php53 and php security update
Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Apache HTTP Server mod_status Heap Buffer Overflow (CVE-2014-0226)
A heap buffer overflow vulnerability exists in Apache httpd. The vulnerability is due to a race condition in the mod_status module running on a server with threaded MPM. Successful exploit may result in information disclosure or code execution...
openSUSE Security Update : php5 (openSUSE-2014-471)
php5 was updated to fix security issues: CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)
php5 was updated to fix security issues: CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in...
Apache HTTP Server 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9 Multiple Vulnerabilities