openSUSE Security Update : roundcubemail (openSUSE-2015-699)

roundcubemail was updated to version 1.0.7 to fix two security issues. These security issues were fixed : - XSS issue in drag-n-drop file uploads - Disallow unwanted access on files in the file system. The apache2 configuration file for roundcubemail allowed access to the roundcubemail/bin folder...

SUSE SLES11 Security Update : apache2 (SUSE-SU-2015:1885-2)

Apache was updated to fix one security vulnerability and two bugs. Following security issue was fixed. - Fix the chunked transfer coding implementation in the Apache bsc938728, CVE-2015-3183 Bugs fixed : - add SSLSessionTickets directive bsc941676 - hardcode modules %files bsc444878 - only enable...

SUSE: Security Advisory for apache2 (SUSE-SU-2014:1081-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : apache2 (openSUSE-2015-635) (Logjam)

Apache2 was updated to fix security issues. - CVE-2015-3185: The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x did not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote...

[SECURITY] [DSA 3325-2] apache2 regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3325-2 [email protected] https://www.debian.org/security/ Stefan Fritsch August 18, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3325-2] apache2 regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3325-2 [email protected] https://www.debian.org/security/ Stefan Fritsch August 18, 2015 https://www.debian.org/security/faq -...

Automate Security Audit: netool.sh

Netool is a toolkit written in bash, python and ruby and provides easy automation for frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap – mostly MitM attacks. This toolkit makes tasks as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in...

Debian DSA-3325-1 : apache2 - security update

Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential...

[SECURITY] [DSA 3325-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3325-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 01, 2015 https://www.debian.org/security/faq -...

[SECURITY] [DSA 3325-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3325-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 01, 2015 https://www.debian.org/security/faq -...

Debian: Security Advisory (DSA-3325-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 284-1] apache2 security update

Package : apache2 Version : 2.2.16-6+squeeze15 CVE ID : CVE-2015-3183 A vulnerability has been found in the Apache HTTP Server. CVE-2015-3183 Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling via a crafted request. This flaw...

Ubuntu: Security Advisory (USN-2625-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 12.04 LTS : apache2 update (USN-2625-1)

As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS : Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved,...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)

Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed : - modheaders rules could be bypassed via chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior. bsc871310, CVE-2013-5704 - An empty value in Content-Type cou...

CVE-2015-4000

The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHEEXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHEEXPORT and then...

SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0387-1)

This update fixes the following security issues with apache2 httpd : - Improper LDLIBRARYPATH handling CVE-2012-0883 - Filename escaping problem CVE-2012-2687 Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. Note that Tenable Network Security has...

SUSE SLES10 Security Update : apache2 (SUSE-SU-2014:1082-1)

This apache2 update fixes the following security issues : - logcookie modlogconfig.c remote denial of service CVE-2014-0098, bnc869106 - moddav denial of service CVE-2013-6438, bnc869105 - modcgid denial of service CVE-2014-0231, bnc887768 - modstatus heap-based buffer overflow CVE-2014-0226,...

SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)

This Apache2 LTSS roll-up update for SUSE Linux Enterprise 10 SP3 LTSS fixes the following security issues and bugs : - CVE-2012-4557: Denial of Service via special requests in modproxyajp - CVE-2012-0883: improper LDLIBRARYPATH handling - CVE-2012-2687: filename escaping problem - CVE-2012-0031:...

SuSE 11.3 Security Update : apache2 (SAT Patch Number 10533)

The Apache2 webserver was updated to fix various issues. The following feature was added : - Provide support for the tunneling of web socket connections to a backend websockets server. FATE316880 The following security issues have been fixed : - The modheaders module in the Apache HTTP Server...