1041 matches found
Debian DLA-71-1 : apache2 security update
This update fixes two security issues with apache2. CVE-2013-5704 Disable the possibility to replace HTTP headers with HTTP trailers as this could be used to circumvent earlier header operations made by other modules. This can be restored with a new MergeTrailers directive. CVE-2014-3581 Fix deni...
Debian DLA-66-1 : apache2 security update
CVE-2014-0231: prevent denial of service in mod_cgid. CVE-2014-0226: prevent denial of service via race in mod_status. CVE-2014-0118: fix resource consumption via mod_deflate body decompression. CVE-2013-6438: prevent denial of service via mod_dav incorrect end of string NOTE: Tenable Network Securit...
Ubuntu: Security Advisory (USN-2523-1)
The remote host is missing an update for the ...
USN-2523-1 apache2 vulnerabilities
Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. (CVE-2013-5704) Mark Montague discovered that the mod_cache module incorrectly handl...
openSUSE Security Update : apache2 (openSUSE-2015-191)
apache2 was updated to fix one security issue. This security issue was fixed: - CVE-2015-0228: mod_lua websocket DoS (bnc#918352). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2015-19...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1726-1)
Apache2 was updated to fix bugs and security issues. Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior (bnc#871310), CVE-2014-8109: Fixes handling of the Require line when a...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)
This apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES_2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNIignorecase.diff -...
mod_wsgi: Privilege escalation
Background: mod_wsgi is an Apache2 module for running Python WSGI applications. Description: Two vulnerabilities have been found in mod_wsgi: error codes returned by setuid are not properly handled (CVE-2014-0240); a memory leak exists via the “Content-Type” header (CVE-2014-0242). Impact: A local attacker...
SuSE 11.3 Security Update : php53 (SAT Patch Number 9916)
This update fixes the following vulnerabilities in php: - Heap corruption issue in exif_thumbnail. (CVE-2014-3670) - Integer overflow in unserialize. (CVE-2014-3669) - Xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime. (CVE-2014-3668) (C) Tenable Network Security, Inc...
[SECURITY] [DLA 71-1] apache2 security update
Package : apache2 Version : 2.2.16-6+squeeze14 CVE ID : CVE-2013-5704 CVE-2014-3581 This update fixes two security issues with apache2. CVE-2013-5704 Disable the possibility to replace HTTP headers with HTTP trailers as this could be used to circumvent earlier header operations made by other...
DLA-71-1 apache2 - security update
Bulletin has no description...
Apache2 PHP Component Chunked Transfer Encoding Policy Bypass (CVE-2013-5705; CVE-2018-17082)
A cross-site scripting vulnerability exists in Apache2 PHP component. The vulnerability is due to improper comparison of the user supplied input of the HTTP Transfer-encoding header field. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to sen...
[SECURITY] [DLA 66-1] apache2 security update
Package : apache2 Version : 2.2.16-6+squeeze13 CVE ID : CVE-2013-6438 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231 CVE-2014-0231: prevent denial of service in mod_cgid. CVE-2014-0226: prevent denial of service via race in mod_status. CVE-2014-0118: fix resource consumption via mod_deflate body...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)
This apache2 update fixes the following security issues : - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to 'no' in /etc/apache2/ssl-global.conf - ssl-global.conf: SSLHonorCipherOrder set to on -...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1)
This apache2 update fixes the following security issues : - fix for crash in mod_proxy processing specially crafted requests with reverse proxy configurations that results in a crash and a DoS condition for the server. (CVE-2014-0117) - new config option CGIDScriptTimeout set to 60s in new file...
openSUSE: Security Advisory for security (openSUSE-SU-2014:0969-1)
The remote host is missing an update for the ...
security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)
apache2: - ECC support was added to mod_ssl - fix for a race condition in mod_status known as CVE-2014-0226 can lead to information disclosure; mod_status is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...
Ubuntu: Security Advisory (USN-2299-1)
The remote host is missing an update for the ...
Debian DSA-2989-1 : apache2 - security update
Several security issues were found in the Apache HTTP server. - CVE-2014-0118 The DEFLATE input filter (inflates request bodies) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. - CVE-2014-0226 ...
[SECURITY] [DSA 2989-1] apache2 security update
Debian Security Advisory DSA-2989-1 http://www.debian.org/security/ Stefan Fritsch July 24, 2014 http://www.debian.org/security/faq -...