CVE-2009-3094

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

CVE-2009-3095

The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

CVE-2009-3094

The CVE-2009-3094 issue affects Apache HTTP Server’s mod_proxy_ftp (ap_proxy_ftp_handler in proxy modules) and is caused by insufficient input validation in responses to EPSV commands. This allowed remote FTP servers to trigger a NULL pointer dereference, crashing a child httpd process and causin...

CVE-2009-3095

The modproxyftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

Fedora 11 : httpd-2.2.13-1.fc11 (2009-8812)

This update includes the latest release of the Apache HTTP Server, version 2.2.13, fixing several security issues: Fix a potential Denial-of-Service attack against moddeflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects...

Fedora Core 11 FEDORA-2009-8812 (httpd)

The remote host is missing an update to httpd announced via advisory FEDORA-2009-8812. OpenVAS Vulnerability Test $Id: fcore20098812.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8812 httpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

Fedora Core 11 FEDORA-2009-8812 (httpd)

The remote host is missing an update to httpd announced via advisory FEDORA-2009-8812. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11

The Apache HTTP Server is a powerful, efficient, and extensible web server...

IBM WebSphere Application Server 7.0 < Fix Pack 5

IBM WebSphere Application Server 7.0 before Fix Pack 5 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - If the admin console is directly accessed from HTTP, the console fails to redirect t...

VMware Hosted products update libpng and Apache HTTP Server

a. Third Party Library libpng Updated to 1.2.35Several flaws were discovered in the way third party library libpnghandled uninitialized pointers. An attacker could create a PNG imagefile in such a way, that when loaded by an application linked tolibpng, it could cause the application to crash or...

VMSA-2009-0010:VMware Hosted products update libpng and Apache HTTP Server

VMSA-2009-0010.1 VMware Hosted products update libpng and Apache HTTP Server VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2009-0010.1 VMware Security Advisory Synopsis: VMware Hosted products update libpng and Apache HTTP Server VMware Security Advisory Issue date: 2009-08-...

Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)

The remote host is missing an update to apache-modsecurity announced via advisory MDVSA-2009:183. OpenVAS Vulnerability Test $Id: mdksa2009183.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:183 apache-modsecurity Authors: Thomas Reinke Copyright:...

RedHat Security Advisory RHSA-2009:1205

The remote host is missing updates announced in advisory RHSA-2009:1205. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime APR libraries, which provide a free library of C data structur...

RedHat Security Advisory RHSA-2009:1205

The remote host is missing updates announced in advisory RHSA-2009:1205. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime APR libraries, which provide a free library of C data structur...

Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)

The remote host is missing an update to apache-modsecurity announced via advisory MDVSA-2009:183. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CentOS 3 : httpd (CESA-2009:1205)

Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with...

Moderate: Red Hat Security Advisory: httpd security and bug fix update

Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with...

Moderate: Red Hat Security Advisory: apr and apr-util security update

Updated apr and apr-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache Portable Runtime APR is a portability library used by the...

Mandriva Linux Security Advisory : apache-mod_auth_mysql (MDVSA-2009:189-1)

A vulnerability has been found and corrected in modauthmysql : SQL injection vulnerability in modauthmysql.c in the mod-auth-mysql aka libapache2-mod-auth-mysql module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for...

Apache HTTP Server HTTP-Basic认证绕过漏洞

Bugraq ID: 35840 CNCAN ID：CNCAN-2009072903 Apache HTTP Server是一款流行的WEB服务程序。 Apache HTTP Server存在HTTP-Basic认证绕过问题，远程攻击者可以利用漏洞访问受资源，获得敏感信息。 当用户要访问需要认证的资源时Apache HTTP Server会返回"401 Authorization Required"消息，也会包含提示需要哪种认证机制的HTTP消息，"Basic"认证是最通用的一种，基于BASE64编码的字符串：username:password，如果凭据正确，WEB服务器将返回"200...