1636 matches found
GLSA-200601-05 : mod_auth_pgsql: Multiple format string vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200601-05 (mod_auth_pgsql: Multiple format string vulnerabilities). The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact : An...
Mandrake Linux Security Advisory : apache2-mod_auth_pgsql (MDKSA-2006:009)
iDefense discovered several format string vulnerabilities in the way that mod_auth_pgsql logs information which could potentially be used by a remote attacker to execute arbitrary code as the apache user if mod_auth_pgsql is used for user authentication. The provided packages have been patched to...
Ubuntu 4.10 / 5.04 : apache2 vulnerability (USN-120-1)
Luca Ercoli discovered that the 'htdigest' program did not perform any bounds checking when it copied the 'user' and 'realm' arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the...
Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)
Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. (CAN-2005-1268) Watchfire...
Ubuntu 4.10 : apache2 bug fix (USN-173-3)
USN-173-2 fixed a vulnerability in Apache's regular expression parser. However, the packages from that advisory had a bug that prevented Apache from starting. This update fixes this. We apologize for the inconvenience! Note that Tenable Network Security has extracted the preceding description...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:233)
A memory leak in the worker MPM in Apache 2 could allow remote attackers to cause a Denial of Service (memory consumption) via aborted commands in certain circumstances, which prevents the memory for the transaction pool from being reused for other connections. As well, this update addresses two bu...
Ubuntu 4.10 / 5.04 : apache2, libapache-mod-ssl vulnerabilities (USN-177-1)
Apache did not honour the 'SSLVerifyClient require' directive within a &lt;Location&gt; block if the surrounding &lt;VirtualHost&gt; block contained a directive 'SSLVerifyClient optional'. This allowed clients to bypass client certificate validation on servers with the above configuration. (CAN-2005-2700) Filip Sneppe discovered a...
mod_auth_pgsql: Multiple format string vulnerabilities
Background: mod_auth_pgsql is an Apache2 module that allows user authentication against a PostgreSQL database. Description: The error logging functions of mod_auth_pgsql fail to validate certain strings before passing them to syslog, resulting in format string vulnerabilities. Impact: An unauthenticated...
Mac OS X Multiple Vulnerabilities (Security Update 2005-009)
The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apachemodssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog C Tenable Network Security, Inc...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:161)
A flaw was discovered in mod_ssl's handling of the 'SSLVerifyClient' directive. This flaw occurs if a virtual host is configured using 'SSLVerifyClient optional' and a directive 'SSLVerifyClient required' is set for a specific location. For servers configured in this fashion, an attacker may be ab...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)
Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CVE-2005-1268). Watchfire reported a flaw that occurred when using the Apache server as a HTTP proxy. A...
Mandrake Linux Security Advisory : apache2 (MDKSA-2005:155)
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The apache2 packages, as shipped, were buil...
SUSE-SA:2005:046: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2005:046 apache,apache2. A security flaw was found in the Apache and Apache2 web servers which allows a remote attacker to 'smuggle' requests past filters by providing handcrafted header entries. Fixed Apache 2 server packages were...
SUSE-SA:2005:052: apache2
The remote host is missing the patch for the advisory SUSE-SA:2005:052 apache2. (C) Tenable Network Security, Inc. This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:052...
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 805-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...
Security fix for the ALT Linux 10 package apache2 version 2.0.52-alt3
Dec. 27, 2004 Sviatoslav Sviridov 2.0.52-alt3 - updated alt-configure patch to check for available libldap and link with libldap - applied patches: + httpd-2.0.52-sslauth.patch + httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.diff + httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.diff +...
Security fix for the ALT Linux 8 package apache2 version 2.0.52-alt3
Dec. 27, 2004 Sviatoslav Sviridov 2.0.52-alt3 - updated alt-configure patch to check for available libldap and link with libldap - applied patches: + httpd-2.0.52-sslauth.patch + httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.diff + httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.diff +...
Security fix for the ALT Linux 9 package apache2 version 2.0.52-alt3
Dec. 27, 2004 Sviatoslav Sviridov 2.0.52-alt3 - updated alt-configure patch to check for available libldap and link with libldap - applied patches: + httpd-2.0.52-sslauth.patch + httpd-2.0.52-SSLCipherSuite-bypass-CAN-2004-0885.diff + httpd-2.0.52-memory-consumption-DoS-CAN-2004-0942.diff +...
FreeBSD : apache2 multiple space header denial-of-service vulnerability (9)
The following package needs to be updated: apache. This script has been deprecated by freebsdpkg282dfea0337811d9b404000c6e8f12ef.nasl. Disabled on 2011/10/02. (C) Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...