5707 matches found
Fedora Core 6 : httpd-2.2.4-2.1.fc6 (2007-615)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2007:0662 Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
httpd mod_status XSS
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
Moderate: Red Hat Security Advisory: httpd security update
Updated Apache httpd packages that correct two security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...
[SECURITY] Fedora Core 6 Update: httpd-2.2.4-2.1.fc6
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Fedora Core 5 : httpd-2.2.2-1.3 (2007-617)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
[SECURITY] Fedora Core 5 Update: httpd-2.2.2-1.3
The Apache HTTP Server is a powerful, efficient, and extensible web server...
RHEL 3 : httpd (RHSA-2007:0533)
Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...
Apache HTTP Server Mod_Cache拒绝服务漏洞
Apache HTTP Server是一款开放源代码的WEB服务程序。 Apache HTTP Server包含的Modcache存在设计错误,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 如果Cache-Control头字段数据s-maxage, max-age, min-fresh, max-stale其中一个值不赋值,那么Modcache模块在解析的时候可导致应用程序崩溃,造成拒绝服务攻击。 RedHat Enterprise Linux Desktop Workstation v. 5 client RedHat Enterprise Linux Desktop v.5...
Design/Logic Flaw
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
CVE-2007-1863
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
DEBIAN-CVE-2007-1863
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
CVE-2006-5752
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2007-1863
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
CVE-2007-1863
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
EUVD-2006-5736
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2006-5752
CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in the Apache HTTP Server mod_status component when ExtendedStatus is enabled and a public server-status page is used. The issue arises via browsers performing charset detection when the content-type is not specified, allowing remote att...
CVE-2006-5752
Cross-site scripting XSS vulnerability in modstatus.c in the modstatus module in Apache HTTP Server httpd, when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2007-1863
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
CVE-2007-1863
CVE-2007-1863 affects the Apache HTTP Server, specifically the mod_cache module. When caching is enabled and using a threaded MPM, a crafted request containing one of the Cache-Control headers (s-maxage, max-age, min-fresh, or max-stale) without a value can crash the Apache child process, causing...