1041 matches found
Ubuntu 4.10 : apache2 bug fix (USN-173-3)
USN-173-2 fixed a vulnerability in Apache's regular expression parser. However, the packages from that advisory had a bug that prevented Apache from starting. This update fixes this. We apologize for the inconvenience! Note that Tenable Network Security has extracted the preceding description...
Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)
Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. (CAN-2005-1268) Watchfire...
Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
Apache did not honour the 'SSLVerifyClient require' directive within a <Location> block if the surrounding <VirtualHost> block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. (CAN-2005-2700) Filip Sneppe discovered a...
Ubuntu 4.10 : apache2 vulnerability (USN-23-1)
Chintan Trivedi discovered a Denial of Service vulnerability in apache2. The field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server to cause HTTP server instances to consume proportional amounts ...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:233)
A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service (memory consumption) via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections. As well, this update addresses two bu...
mod_auth_pgsql: Multiple format string vulnerabilities
Background: mod_auth_pgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description: The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact: An unauthenticated...
Mac OS X Multiple Vulnerabilities (Security Update 2005-009)
The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications: Apache2, Apache_mod_ssl, CoreFoundation, curl, iodbcadmintool, OpenSSL, passwordserver, Safari, sudo, syslog.
SUSE-SA:2005:052: apache2
The remote host is missing the patch for the advisory SUSE-SA:2005:052 apache2. This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:052.
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:155)
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were buil...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...
SUSE-SA:2005:046: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2005:046 apache,apache2. A security flaw was found in the Apache and Apache2 web servers which allows a remote attacker to 'smuggle' requests past filters by providing handcrafted header entries. Fixed Apache 2 server packages were...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)
Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CVE-2005-1268). Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A...
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
Debian Security Advisory DSA 805-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq ...
FreeBSD : apache2 -- SSL remote DoS (16)
The following package needs to be updated: apache. This script has been deprecated by freebsdpkg7b81fc47239f11d9814e0001020eed82.nasl. Disabled on 2011/10/02. This script contains information extracted from VuXML : Copyright...
SUSE-SA:2004:030: apache2
The remote host is missing the patch for the advisory SUSE-SA:2004:030 apache2. The mod_ssl apache module, as part of our apache2 package, enables the apache webserver to handle the HTTPS protocol. Within the mod_ssl module, two Denial of Service conditions in the input filter have been found. The...
Mandrake Linux Security Advisory : apache2 (MDKSA-2004:043)
A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. The updated packages provide a patched mod_ssl to correct these problems.
Security fix for the ALT Linux 9 package apache2 version 2.0.40-21
Feb. 24, 2003 Joe Orton [email protected] 2.0.40-21 - add security fix for CAN-2003-0020; replace non-printable characters with '!' when printing to error log. - disable debuginfo on IA64...
Security fix for the ALT Linux 10 package apache2 version 2.0.40-21
Feb. 24, 2003 Joe Orton [email protected] 2.0.40-21 - add security fix for CAN-2003-0020; replace non-printable characters with '!' when printing to error log. - disable debuginfo on IA64...
Security fix for the ALT Linux 8 package apache2 version 2.0.40-10
Oct. 9, 2002 Joe Orton [email protected] 2.0.40-10 - fix patch for CAN-2002-0840 to also cover i18n error pages...