CVE-2009-3890

Unrestricted file upload vulnerability in the wpcheckfiletype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the modmime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...

RedHat Security Advisory RHSA-2009:1580

The remote host is missing updates announced in advisory RHSA-2009:1580. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw t...

RedHat Security Advisory RHSA-2009:1579

The remote host is missing updates announced in advisory RHSA-2009:1579. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw t...

RedHat Security Advisory RHSA-2009:1580

The remote host is missing updates announced in advisory RHSA-2009:1580. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw t...

Mandriva Linux Security Advisory : apache-conf (MDVSA-2009:300-2)

A vulnerability was discovered and corrected in apache-conf : The Apache HTTP Server enables the HTTP TRACE method per default which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software CVE-2009-2823. This update provides a solution to this...

Apache mod_proxy_ftp模块空指针引用拒绝服务漏洞

BUGTRAQ ID: 36260 CVE ID: CVE-2009-3094 Apache HTTP Server是一款流行的Web服务器。 Apache的modproxyftp模块中modules/proxy/proxyftp.c文件的approxyftphandler函数中存在空指针引用漏洞，正在被代理的恶意FTP服务器可以通过发送特制的EPSV或PASV命令回复导致httpd子进程崩溃，造成有限的拒绝服务。 Apache Group Apache 2.2.x 厂商补丁： Apache Group ------------...

Apache mod_proxy_ftp模块远程命令注入漏洞

BUGTRAQ ID: 36254 CVE ID: CVE-2009-3095 Apache HTTP Server是一款流行的Web服务器。 Apache服务器的modproxyftp模块中存在远程命令注入漏洞。在逆向代理配置中，远程攻击者可以利用这个漏洞通过创建特制的HTTP Authorization头绕过预期的访问限制，向FTP服务器发送任意命令。 Apache Group Apache 2.2.x 厂商补丁： Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2009:1580 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular We...

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software...

Cross site scripting

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software...

Authentication flaw

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure VDI 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server...

CVE-2009-3923

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure VDI 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server...

CVE-2009-3923

The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure VDI 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server...

CVE-2009-3923

The CVE-2009-3923 entry concerns VirtualBox 2.0.8/2.0.10 web service within Sun Virtual Desktop Infrastructure (VDI) 3.0 that does not require authentication. This allows remote attackers to obtain unspecified access through Apache HTTP Server–related request vectors. Relevant data from the conne...

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

Cross site request forgery (csrf)

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

CVE-2009-3555

CVE-2009-3555 concerns a TLS/SSL renegotiation flaw where renegotiation handshakes were not properly associated with the existing connection, enabling MITM data insertion in HTTPS and other TLS/SSL sessions (Project Mogul). Connected advisories show concrete mitigations and affected software: Pou...

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...