
5713 matches found

Cvelist
added 2009/07/02 10:0 a.m., 19 views

CVE-2009-2299

The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length valu...

AI score 6.7, EPSS 0.00879
Exploits 0, References 3

Gentoo Linux
added 2009/07/02 12:0 a.m., 30 views

ModSecurity: Denial of service

Background: ModSecurity is a popular web application firewall for the Apache HTTP server. Description: Multiple vulnerabilities were discovered in ModSecurity: Juan Galiana Lara of ISecAuditors discovered a NULL pointer dereference when processing multipart requests without a part header name...

CVSS 5, AI score 6.5, EPSS 0.14549
Exploits 1

OpenVAS
added 2009/06/23 12:0 a.m., 31 views

RedHat Security Advisory RHSA-2009:1108

The remote host is missing updates announced in advisory RHSA-2009:1108. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains an embedded copy of the Apache Portable Runtime (APR) utility library, a free library of C data structures and...

CVSS 7.8, AI score 0.2, EPSS 0.14793
Exploits 5, References 2

OpenVAS
added 2009/06/23 12:0 a.m., 33 views

RedHat Security Advisory RHSA-2009:1108

The remote host is missing updates announced in advisory RHSA-2009:1108. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains an embedded copy of the Apache Portable Runtime (APR) utility library, a free library of C data structures and...

CVSS 7.5, AI score 7.7, EPSS 0.14793
Exploits 5, References 2

seebug.org
added 2009/06/22 12:0 a.m., 162 views

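Apache HTTP Server AllowOverride Option Security Restriction Bypass Vulnerability

BUGTRAQ ID: 35115 CVECAN ID: CVE-2009-1195 Apache HTTP Server is a popular web server. Apache HTTP Server does not correctly handle the Options=IncludesNOEXEC option in the AllowOverride directive. A local user can bypass security restrictions and gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file and injecting an exec element into a .shtml file. Apache 2.2.x Vendor patch: Apache Group...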

CVSS 4.9, AI score 7.6, EPSS 0.00189
Exploits 4

Tenable Nessus
added 2009/06/18 12:0 a.m., 29 views

CentOS 3 : httpd (CESA-2009:1108)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat...

CVSS 7.5, AI score 6.7, EPSS 0.14793
Exploits 5, References 5

Tenable Nessus
added 2009/06/17 12:0 a.m., 45 views

RHEL 3 : httpd (RHSA-2009:1108)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat...

CVSS 7.5, AI score 6.7, EPSS 0.14793
Exploits 5, References 7

RedHat Linux
added 2009/06/16 10:3 p.m., 37 views

Moderate: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat...

CVSS 7.5, AI score 6.8, EPSS 0.14793
Exploits 5, References 4

securityvulns
added 2009/06/16 12:0 a.m., 33 views

[Full-disclosure] CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities

Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities CA Advisory Reference: CA20090615-01 CA Advisory Date: 2009-06-15 Reported By: iViZ Security Research Team Impact: A remote attacker can cause a denial of servic...

CVSS 5, AI score 6.9, EPSS 0.02184
Exploits 1

OpenVAS
added 2009/06/15 12:0 a.m., 19 views

RedHat Security Advisory RHSA-2009:1087

The remote host is missing updates announced in advisory RHSA-2009:1087. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the...

CVSS 2.6, AI score 6.1, EPSS 0.04557
Exploits 2, References 2

RedHat Linux
added 2009/06/09 2:31 p.m., 34 views

Important: Red Hat Security Advisory: mod_jk security update

Updated mod_jk packages that fix one security issue are now available for Red Hat Application Server v2. This update has been rated as having important security impact by the Red Hat Security Response Team. mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to...

CVSS 2.6, AI score 5.7, EPSS 0.04557
Exploits 2, References 2

OSV
added 2009/06/08 1:0 a.m., 8 views

CVE-2009-1955

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nest...

CVSS 7.5, AI score 6.8
Exploits 0, References 90

OSV
added 2009/06/08 1:0 a.m., 7 views

CVE-2009-0023

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in t...

AI score 7.5
Exploits 0, References 60

OpenVAS
added 2009/06/05 12:0 a.m., 29 views

Mandrake Security Advisory MDVSA-2009:124 (apache)

The remote host is missing an update to apache announced via advisory MDVSA-2009:124. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...

CVSS 5, AI score 7.7, EPSS 0.6456
Exploits 9, References 1

OpenVAS
added 2009/06/05 12:0 a.m., 30 views

RedHat Security Advisory RHSA-2009:1075

The remote host is missing updates announced in advisory RHSA-2009:1075. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all...

CVSS 5, AI score 7.8, EPSS 0.09814
Exploits 6, References 2

OpenVAS
added 2009/06/05 12:0 a.m., 38 views

RedHat Security Advisory RHSA-2009:1075

The remote host is missing updates announced in advisory RHSA-2009:1075. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all...

CVSS 5, AI score 7.7, EPSS 0.09814
Exploits 6, References 2

seebug.org
added 2009/06/02 12:0 a.m., 147 views

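Apache HTTP Server "AllowOverride" and "Options" Security Bypass Vulnerability

Bugtraq ID: 35115 CVE ID: CVE-2009-1195 CNCVE ID: CNCVE-20091195 Apache is an open-source web server program. Apache has an error in handling "AllowOverride" and some "Options" parameters in ".htaccess" files, which can lead to command execution via SSI. The following configurations have security issues: (a) If "AllowOverride Options=IncludesNoEXEC" is configured in httpd.conf, a user can set "Options Includes" in a .htaccess file, and SSI will be enabled with exec allowed....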

CVSS 4.9, AI score 0.8, EPSS 0.00189
Exploits 4

OSV
added 2009/05/28 8:30 p.m., 1 views

DEBIAN-CVE-2009-1195

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then...

CVSS 4.9, AI score 8.8, EPSS 0.00189
Exploits 4, References 1

OSV
added 2009/05/28 8:30 p.m., 7 views

CVE-2009-1195

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then...

AI score 7.5
Exploits 0, References 48

UbuntuCve
added 2009/05/28 8:30 p.m., 31 views

CVE-2009-1195

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then...

CVSS 4.9, AI score 7.1, EPSS 0.00189
Exploits 4, References 3