1636 matches found
Debian Security Advisory DSA 805-1 (apache2)
The remote host is missing an update to apache2 announced via advisory DSA 805-1. Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1268 Marc Stern...
Debian Security Advisory DSA 1000-1 (libapreq2-perl)
The remote host is missing an update to libapreq2-perl announced via advisory DSA 1000-1. An algorithm weakness has been discovered in Apache2::Request, the generic request library for Apache2 which can be exploited remotely and cause a denial of service via CPU consumption. The old stable...
Debian: Security Advisory (DSA-1000-2)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 1000-2 (libapreq2-perl)
The remote host is missing an update to libapreq2-perl announced via advisory DSA 1000-2. Gunnar Wolf noticed that the correction for the following problem was not complete and requires an update. For completeness we're providing the original problem description: An algorithm weakness has been...
Debian Security Advisory DSA 1132-1 (apache2)
The remote host is missing an update to apache2 announced via advisory DSA 1132-1. Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code. OpenVAS...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)
This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities (CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227, CVE-2005-4872, CVE-2006-7228) - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898) - overly long...
openSUSE 10 Security Update : apache2-mod_python (apache2-mod_python-4448)
This update fixes a buffer overflow in apache2-mod_python that occurs while using python-based output-filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web-server and in rare cases to execute arbitrary code. (CVE-2004-2680)...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4807)
This version update to php 5.2.5 fixes numerous bugs including some security vulnerabilities. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update apache2-mod_php5-4807. The text description of this...
SuSE 10 Security Update : apache2-mod_python (ZYPP Patch Number 4449)
This update fixes a buffer overflow in apache2-mod_python that occurs while using python-based output-filter. This bug can be triggered remotely to read possibly confidential data from the process space of the web-server and in rare cases to execute arbitrary code. (CVE-2004-2680)...
SuSE 10 Security Update : apache2 (ZYPP Patch Number 4669)
Several bugs were fixed in the Apache2 webserver : These include the following security issues : - mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. (CVE-2006-5752) - mod_cache: Prevent a...
SuSE 10 Security Update : Apache2 (ZYPP Patch Number 1906)
This update fixes security problems in the Apache2 webserver : mod_rewrite: Fixed an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747) For SUSE Linux Enterprise Server 10 additionally an old securi...
openSUSE 10 Security Update : apache2 (apache2-4666)
Several bugs were fixed in the Apache2 webserver : These include the following security issues : - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863:...
Ubuntu 6.06 LTS / 6.10 / 7.04 : apache2 vulnerabilities (USN-499-1)
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to...
Ubuntu 5.04 / 5.10 / 6.06 LTS : apache2 vulnerability (USN-328-1)
Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate 'RewriteEngine on', a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3978)
This update fixes multiple bugs in php : - predictable generation of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2039)
the CURL module lacked checks for control characters (CVE-2006-2563) - str_repeat contained an integer overflow - ext/wddx contained a buffer overflow - memory_limit lacked checks for integer overflows - a bug in sscanf could potentially be exploited to execute arbitrary code (CVE-2006-4020) - an...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2153)
The ini_restore method could be exploited to reset options set in the webserver config to their default values (CVE-2006-4625). The memory handling routines contained an integer overflow (CVE-2006-4812). (C) Tenable Network Security, Inc. The descriptive text and package checks in th...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-2238)
This update fixes the following security problems in the PHP scripting language : - CVE-2006-5465: Various buffer overflows in htmlentities/htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used. - A missing...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)
This update fixes multiple bugs in php : - predictable generation of an initialization vector (IV) in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...