pcre security update

CentOS Errata and Security Advisory CESA-2005:761-02 Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team PCRE is a Perl-compatible regular expression library. An integer overflow...

php5 in Slackware 10.1

A new php5 package is available for Slackware 10.1 in /testing to fix security issues. PHP has been relinked with the shared PCRE library to fix an overflow issue with PHP's builtin PRCE code, and PEAR::XMLRPC has been upgraded to version 1.4.0 which eliminates the eval function. The eval functio...

[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling

-------------------------------------------------------------------------- Debian Security Advisory DSA 803-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling

-------------------------------------------------------------------------- Debian Security Advisory DSA 803-1 [email protected] http://www.debian.org/security/ Martin Schulze September 8th, 2005 http://www.debian.org/security/faq -...

DSA-805-1 apache2 - several

Bulletin has no description...

USN-177-1: Apache 2 vulnerabilities

Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. CAN-2005-2700 Filip Sneppe discovered a...

Apache mod_ssl unauthenticated access

Client can access path with "SSLVerifyClient require" without authentication in global settings for vurtual host have "SSLVerifyClient optional"...

DSA-803-1 apache - programming error

Bulletin has no description...

security flaw

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...

Apache PCRE Integer Overflow Vulnerability

Secunia Advisory: SA16688 Release Date: 2005-09-05 Critical: Less critical Impact: Privilege escalation Where: Local system Solution Status: Vendor Patch Software: Apache 2.0.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it. CVE reference:...

USN-173-3: Fixed apache2 packages for USN-173-2

USN-173-2 fixed a vulnerability in Apache's regular expression parser. However, the packages from that advisories had a bug that prevented Apache from starting. This update fixes this. We apologize for the inconvenience!...

CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...

CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...

CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...

CVE-2005-2728

Apache httpd is affected by CVE-2005-2728 due to a flaw in the byte-range filter that can cause memory exhaustion and denial of service when handling HTTP requests with a large Range header, as described in multiple connected advisories. The issue affects Apache httpd 2.0.x before 2.0.54 (and var...

CVE-2005-2728

The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...

Apache web server DoS

Wide HTTP request byterange paramters for CGI application leads to memory exhaustion...

[ GLSA 200508-15 ] Apache 2.0: Denial of Service vulnerability

Gentoo Linux Security Advisory GLSA 200508-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

Apache 2.0: Denial of Service vulnerability

Background The Apache HTTP Server Project is a featureful, freely-available HTTP Web server. Description Filip Sneppe discovered that Apache improperly handles byterange requests to CGI scripts. Impact A remote attacker may access vulnerable scripts in a malicious way, exhausting all RAM and swap...

RHEL 4 : php (RHSA-2005:748)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:748 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package...