
5714 matches found

Fedora
added 2010/02/27 3:41 a.m., 50 views

[SECURITY] Fedora 11 Update: httpd-2.2.14-1.fc11

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 5.8 | AI score 1.1 | EPSS 0.03845
Exploits: 16

RedHat Linux
added 2010/02/23 8:20 p.m., 65 views

Low: Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.1 update

JBoss Enterprise Web Server 1.0.1 is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Web Server is a fully integrated and certified set of components for hosting Java web...

CVSS 9.8 | AI score 6.2 | EPSS 0.15322
Exploits: 15 | References: 8

NVD
added 2010/02/05 10:30 p.m., 14 views

CVE-2003-1581

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log...

CVSS 2.6 | AI score 6.1 | EPSS 0.01975
Exploits: 1 | References: 1

OSV
added 2010/02/05 10:30 p.m., 5 views

CVE-2003-1581

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log...

AI score 6.2
Exploits: 0 | References: 1

NVD
added 2010/02/05 10:30 p.m., 25 views

CVE-2003-1580

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...

CVSS 4.3 | AI score 6.6 | EPSS 0.01178
Exploits: 1 | References: 1

OSV
added 2010/02/05 10:30 p.m., 4 views

CVE-2003-1580

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...

AI score 6.9
Exploits: 0 | References: 1

Cvelist
added 2010/02/05 10:13 p.m., 21 views

CVE-2003-1580

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...

AI score 6.6 | EPSS 0.01178
Exploits: 1 | References: 1

CVE
added 2010/02/05 10:13 p.m., 66 views

CVE-2003-1580

The CVE-2003-1580 issue affects Apache HTTP Server 2.0.44 when DNS resolution is enabled for client IPs. The vulnerability arises from a logging format that does not indicate whether a dotted-quad IP address is unresolved, which can allow remote attackers to spoof IP addresses by sending crafted ...

CVSS 4.3 | AI score 6.8 | EPSS 0.01178
Exploits: 1 | References: 1 | Affected Software: 1

Debian CVE
added 2010/02/05 10:13 p.m., 25 views

CVE-2003-1580

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...

CVSS 4.3 | AI score 6.6 | EPSS 0.01178
Exploits: 1

NVD
added 2010/02/02 4:30 p.m., 22 views

CVE-2010-0010

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based...

CVSS 6.8 | AI score 8.1 | EPSS 0.47445
Exploits: 2 | References: 23

Prion
added 2010/02/02 4:30 p.m., 14 views

Integer overflow

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based...

CVSS 6.8 | AI score 8.8 | EPSS 0.47445
Exploits: 2 | References: 23 | Affected Software: 1

Cvelist
added 2010/02/02 4:25 p.m., 23 views

CVE-2010-0010

Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based...

AI score 7.9 | EPSS 0.47445
Exploits: 2 | References: 23

CVE
added 2010/02/02 4:25 p.m., 137 views

CVE-2010-0010

The CVE-2010-0010 issue affects Apache HTTP Server’s mod_proxy (proxy_util.c) on 64-bit platforms. The root cause is an integer overflow in the ap_proxy_send_fb function when handling large chunk sizes, which can trigger a heap-based buffer overflow. This condition enables a remote origin server ...

CVSS 6.8 | AI score 8.2 | EPSS 0.47445
Exploits: 2 | References: 23 | Affected Software: 1

Fedora
added 2010/02/01 1:9 a.m., 45 views

[SECURITY] Fedora 11 Update: php-5.2.12-1.fc11

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.3 | AI score 0.6 | EPSS 0.16946
Exploits: 3

seebug.org
added 2010/01/29 12:0 a.m., 123 views

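Apache mod_proxy Module HTTP Chunked Encoding Integer Overflow Vulnerability

BUGTRAQ ID: 37966 CVE(CAN) ID: CVE-2010-0010 Apache HTTP Server is a popular web server. The mod_proxy module of the Apache server contains an integer overflow vulnerability, triggered when it performs a character type conversion, that can ultimately lead to a heap overflow. The vulnerable code segment follows: "./src/modules/proxy/proxy_util.c" long int ap_proxy_send_fb(BUFF *f, request_rec *r, cache_req *c, off_t len, int nowrite, int chunked, size_t recv_buffer_size) ... size_t...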

CVSS 6.8 | AI score 0.1 | EPSS 0.47445
Exploits: 2

RedHat Linux
added 2010/01/20 12:23 a.m., 43 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer...

CVSS 5.1 | AI score 6.7 | EPSS 0.20241
Exploits: 1 | References: 3

OpenVAS
added 2010/01/15 12:0 a.m., 24 views

Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)

Check for the Version of apache-conf. OpenVAS Vulnerability Test: Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...

CVSS 4.3 | AI score 6.5 | EPSS 0.00274
Exploits: 1 | References: 2

OpenVAS
added 2010/01/15 12:0 a.m., 25 views

Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)

Check for the Version of apache-conf. OpenVAS Vulnerability Test: Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...

CVSS 4.3 | AI score 6.5 | EPSS 0.00274
Exploits: 1 | References: 2

Prion
added 2010/01/14 7:30 p.m., 28 views

Design/Logic Flaw

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrate...

CVSS 5 | AI score 6.6 | EPSS 0.20241
Exploits: 2 | References: 30 | Affected Software: 1

OSV
added 2010/01/14 7:30 p.m., 6 views

CVE-2009-4355

Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrate...

AI score 6.6
Exploits: 0 | References: 30