CVE-2001-1534
CVE-2001-1534 affects Apache with the mod_usertrack module (versions 1.3.11–1.3.20). The vulnerability arises from generating session IDs with predictable information (host IP, system time, server PID), enabling local users to obtain session IDs and bypass authentication when those IDs are used f...
CVE-2002-2007
The CVE-2002-2007 vulnerability affects Apache Tomcat 3.2.3 and 3.2.4, where remote attackers could obtain sensitive information (directory listings and web root path) via erroneous HTTP requests to JSP-related paths (test/jsp, samples/jsp, examples/jsp) or the test/realPath.jsp servlet, leaking ...
CVE-2002-2012
CVE-2002-2012 concerns an unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0. The connected documents provide a concrete context: remote attackers could trigger “unexpected results” by sending an HTTP request. The vulnerability impact is described as affecting availabili...
CVE-2002-2029
CVE-2002-2029 affects PHP on Windows with Apache when ScriptAlias /php/ is set to c:/php/. A remote attacker can read arbitrary files and potentially execute arbitrary programs by requesting php.exe with a filename in the query string. Root cause is a configuration vulnerability enabling direct e...
CVE-2001-1534
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication...
Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)
New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possibly pipe shell escapes through Apache's errorlog, which could create an exploit if the error log is read in a termina...
FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)
Henning Brauer discovered a programming error in Apache 1.3's mod_access that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a 'deny from' IP address access control rule including a netmask to...
FreeBSD : apache (1925)
The following package needs to be updated: apache
Slackware 8.1 / 9.0 / 9.1 / current : mod_ssl (SSA:2004-154-01)
New mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. The packages were upgraded to mod_ssl-2.8.18-1.3.31 fixing a buffer overflow that may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN, if mod_ssl is...
FreeBSD : mod_dosevasive -- insecure temporary file creation (88ff90f2-6e43-11d9-8c87-000a95bc6fae)
An LSS Security Advisory reports: When a denial of service attack is detected, mod_dosevasive will, among other things, create a temporary file which it will use to trace actions from the offensive IP address. This file is insecurely created in /tmp and its name is easily predictable. It is then...
FreeBSD : mod_access_referer -- NULL pointer dereference vulnerability (af747389-42ba-11d9-bd37-00065be4b5b6)
A malformed Referer header field causes the Apache ap_parse_uri_components function to discard it with the result that a pointer is not initialized. The mod_access_referer module does not take this into account with the result that it may use such a pointer. The NULL pointer vulnerability may possibly...
SSA-18706 Security updates for Slackware 8.1
Several security updates are now available for Slackware 8.1, including updated packages for Apache, glibc, mod_ssl, openssh, openssl, and php. This script has been deprecated and is no longer used after a revamping of the Slackware generator. Disabled on...
FreeBSD : apache+mod_ssl* (1721)
The following package needs to be updated: apache+mod_ssl
FreeBSD : apache (1342)
The following package needs to be updated: apache
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache+mod_ssl (SSA:2004-305-01)
New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue. Apache has been upgraded to version 1.3.33 which fixes a buffer overflow which may allow local users to execute arbitrary code as the apache user. The mod_ssl package has also been upgraded t...
Slackware 8.1 / 9.0 / 9.1 / current : apache security update (SSA:2003-308-01)
Apache httpd is a hypertext transfer protocol server, and is used by over two thirds of the Internet's web sites. Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to...
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : apache, mod_ssl, php (SSA:2004-299-01)
New apache and mod_ssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues. Apache has been upgraded to version 1.3.32 which fixes a heap-based buffer overflow in mod_proxy. mod_ssl was upgraded from version mod_ssl-2.8.19-1.3.31 to version 2.8.21-1.3.32 whic...
apache -- Certificate Revocation List (CRL) off-by-one vulnerability
Marc Stern reports an off-by-one vulnerability within mod_ssl. The vulnerability lies in mod_ssl's Certificate Revocation List (CRL). If Apache is configured to use a CRL this could allow an attacker to crash a child process causing a Denial of Service...
PHP packages updated again for 8.1, 9.0, 9.1
Sorry folks, I mistakenly used a build template that was too new to build the first round of PHP packages for Slackware 8.1, 9.0, and 9.1, which tried to place the module in /usr/libexec/apache (older versions of Slackware use /usr/libexec instead), and tried to link to incorrect libraries and...
Apache Webserver Valid Banner Check