
5725 matches found

CVE
added 2011/11/08 11:0 a.m. | 1085 views

CVE-2011-4415

The CVE-2011-4415 issue affects the Apache HTTP Server (2.0.x up to 2.0.64 and 2.2.x up to 2.2.21) when mod_setenvif is enabled. The root cause is an integer overflow in ap_pregsub during environment variable handling (SetEnvIf), with a crafted .htaccess and HTTP header causing memory exhaustion ...

CVSS 1.2 | AI score 6 | EPSS 0.00473
Exploits 4 | References 4 | Affected Software 1

Cvelist
added 2011/11/08 11:0 a.m. | 43 views

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

AI score 7.8 | EPSS 0.00591
Exploits 4 | References 48

Cvelist
added 2011/11/08 11:0 a.m. | 47 views

CVE-2011-4415

The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL...

AI score 7.2 | EPSS 0.00473
Exploits 4 | References 4

UbuntuCve
added 2011/11/08 12:0 a.m. | 45 views

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

CVSS 4.4 | AI score 7 | EPSS 0.00591
Exploits 4 | References 4

seebug.org
added 2011/11/04 12:0 a.m. | 327 views

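Apache HTTP Server "ap_pregsub()" Function Local Privilege Escalation Vulnerability

BUGTRAQ ID: 50494 CVE ID: CVE-2011-3607 Apache HTTP Server is an open-source web server from the Apache Software Foundation that runs on most computer operating systems. Because of its cross-platform support and security it is widely used, and it is one of the most popular web server software packages. Apache HTTP Server has a local privilege escalation vulnerability in the implementation of the "ap_pregsub" function; a local attacker can exploit it to execute arbitrary code with elevated privileges. To trigger this vulnerability, mod_setenvif must be enabled and the attacker must be able to place a malicious .htaccess file on the affected server. This vulnerability stems from the "ap_pregsub" function server/utils.c...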

CVSS 4.4 | AI score 8.7 | EPSS 0.00591
Exploits 4

exploitpack
added 2011/11/02 12:0 a.m. | 22 views

Apache 2.0.64 2.2.21 mod_setenvif - Integer Overflow

Apache 2.0.64 2.2.21 mod_setenvif - Integer Overflow Source: http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ Background The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, Microsoft Windows, Mac OS/X and Netware. The goal of this...

AI score 0.6
Exploits 0

Amazon
added 2011/10/31 12:0 a.m. | 83 views

Medium: httpd

Issue Overview: It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make...

CVSS 5 | AI score 8.1 | EPSS 0.76893
Exploits 14 | References 1

GithubExploit
added 2011/10/26 9:7 p.m. | 14 views

Exploit for Uncontrolled Resource Consumption in Apache Http_Server

PoC exploit for CVE-2011-3192, a Range Header DoS vulnerability...

CVSS 7.8 | AI score 8.2 | EPSS 0.90456
Exploits 17

Tenable Nessus
added 2011/10/21 12:0 a.m. | 60 views

RHEL 6 : httpd (RHSA-2011:1391)

Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS 7.8 | AI score 7.5 | EPSS 0.90456
Exploits 30 | References 6

Tenable Nessus
added 2011/10/21 12:0 a.m. | 72 views

CentOS 4 / 5 : httpd (CESA-2011:1392)

Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 7.8 | AI score 7.5 | EPSS 0.90456
Exploits 28 | References 5

OpenVAS
added 2011/10/21 12:0 a.m. | 54 views

RedHat Update for httpd RHSA-2011:1392-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.8 | AI score 8.1 | EPSS 0.90456
Exploits 28 | References 2

Cent OS
added 2011/10/20 9:19 p.m. | 104 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2011:1392 Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...

CVSS 7.8 | AI score 7.2 | EPSS 0.90456
Exploits 28 | References 7

RedHat Linux
added 2011/10/20 4:50 p.m. | 58 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 7.8 | AI score 7.2 | EPSS 0.90456
Exploits 28 | References 5

RedHat Linux
added 2011/10/20 4:48 p.m. | 83 views

Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS 7.8 | AI score 7.2 | EPSS 0.90456
Exploits 30 | References 5

RedHat Linux
added 2011/10/20 4:48 p.m. | 2 views

httpd: mod_proxy_ajp remote temporary DoS

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request...

CVSS 4.3 | AI score 7.2 | EPSS 0.34026
Exploits 3 | References 5

RedHat Linux
added 2011/10/13 7:33 p.m. | 89 views

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix one security issue are now available for Red Hat Application Stack v2. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.8 | AI score 7.1 | EPSS 0.90456
Exploits 17 | References 2

RedHat Linux
added 2011/10/13 7:33 p.m. | 4 views

httpd: multiple ranges DoS

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different...

CVSS 7.8 | AI score 7.3 | EPSS 0.90456
Exploits 17 | References 4

OpenVAS
added 2011/10/11 12:0 a.m. | 399 views

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server is prone to an information disclosure vulnerability. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 5 | AI score 9.2 | EPSS 0.77975
Exploits 14 | References 3

Tenable Nessus
added 2011/10/10 12:0 a.m. | 50 views

Mandriva Linux Security Advisory : apache (MDVSA-2011:144)

A vulnerability has been discovered and corrected in apache : The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse...

CVSS 5 | AI score 7.1 | EPSS 0.76893
Exploits 12 | References 1

seebug.org
added 2011/10/08 12:0 a.m. | 396 views

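Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Bugtraq ID: 49957 CVE ID: CVE-2011-3368 Apache HTTP Server is an open-source HTTPD server program. The Apache HTTP Server mod_proxy module has a security vulnerability that allows malicious users to bypass some security restrictions. The vulnerability applies when the mod_proxy module is configured in reverse proxy mode: because some web requests are handled incorrectly, an attacker can construct a specially crafted URL to send malicious requests to unintended servers behind the proxy. Successful exploitation requires "ProxyPassMatch" and "RewriteRule" configuration directives that use certain pattern matches. Apache 2.0.x Apache 2.2.x Vendor solution...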

CVSS 5 | AI score 8.9 | EPSS 0.76893
Exploits 12