Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RP...
CVE-2004-2343
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess restrictions defined in httpd.conf with directives like Deny From All by using an ErrorDocument directive. The Red Hat and CVE records confirm this is the same issue; vendor dispute noted that .htaccess applies to extern...
HP-UX PHSS_33075 : Apache on HP-UX, Remote Denial of Service (DoS), Bypass of SSLCipherSuite Settings (HPSBUX01123 SSRT5931 rev.2)
s700800 11.04 Virtualvault 4.7 OWS Apache 2.x update : A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service (DoS) or to bypass SSLCipherSuite restrictions.
CVE-2005-1268
CVE-2005-1268 is an off-by-one overflow in Apache mod_ssl CRL verification callback when using a CRL, enabling a remote attacker to cause an Apache child process crash (DoS). Several advisories note this vulnerability and document patches/upstream fixes in Apache httpd releases; e.g., Red Hat/Cen...
CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte...
CVE-2002-2103
CVE-2002-2103 affects Apache before 1.3.24. When writing to the log file, Apache may record a spoofed hostname from reverse DNS for an IP address, even if a double-reverse lookup fails, allowing remote attackers to hide the original source of activities. The provided documents do not include expl...
CVE-2002-2103
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities...
USN-160-1: Apache 2 vulnerabilities
Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. If Apache is configured to use a malicious CRL, this could possibly lead to a server crash or arbitrary code execution with the privileges of the Apache web server. (CAN-2005-1268) Watchfire...
FreeBSD : apache -- http request smuggling (651996e0-fe07-11d9-8329-000e0c2e438a)
A Watchfire whitepaper reports a vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoning, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this...
Apache SSL buffer overflow
Buffer overflow in the ssl_callback_SSLVerify_CRL function...
[NEWS] Apache ssl_callback_SSLVerify_CRL DoS
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2005:582 Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...
Apache < 2.0.55 HTTP Smuggling Vulnerability
Binary data 3112.prm...
osCommerce Unprotected Admin Directory
The installation of osCommerce on the remote host apparently lets anyone access the application's admin directory, which means that they have complete administrative access to the site.
CVE-2002-2008
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message...
CVE-2002-2012
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request...
CVE-2001-1534
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication...
CVE-2001-1510
The CVE-2001-1510 entry concerns Allaire JRun versions 2.3.3, 3.0 and 3.1 running on IIS 4.0/5.0, iPlanet, Apache, JRun Web Server (JWS) and possibly other web servers. Affected component: the web server handling of certain crafted URLs, where appending one of three fragments ("%3f.jsp", "?.jsp",...