Apache mod_ssl format string bug

Format string bug if modssl is used in conjunction with modproxy for SSL proxing https://foos.example.com/...

Debian DSA-525-1 : apache - buffer overflow

Georgi Guninski discovered a buffer overflow bug in Apache's modproxy module, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process by default, user www-data. Note that this bug is only exploitable if the modproxy module i...

FreeBSD : apache -- heap overflow in mod_proxy (10)

The following package needs to be updated: apache13+ipv6 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgca6c8f350a5f11d9ad6f00061bc2ad93.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

CVE-2004-0811

Technical details about CVE-2004-0811 are not publicly available in the provided connected documents. Please monitor for updates for affected products, exact vectors, impact, and remediation information.

CVE-2004-0747

CVE-2004-0747 describes a local buffer overflow in Apache HTTP Server versions 2.0.50 and earlier, triggered by expansion of environment variables in .htaccess or server configuration files. The underlying issue involves copying environment data into a fixed-size buffer (ap_resolve_env) via strin...

CVE-2004-0786

CVE-2004-0786 concerns a vulnerability in the apr-util IPv6 URI parsing (apr_uri_parse) used by Apache 2.x (APR library) prior to 2.0.50. A crafted IPv6 URL can trigger a denial-of-service in the httpd child process, with remote code execution possible under certain configurations or platforms. A...

CVE-2004-0809

CVE-2004-0809 affects the Apache mod_dav WebDAV module in Apache 2.0.50 and earlier, allowing remote attackers to cause a denial of service (child process crash) via a particular sequence of LOCK requests for locations with WebDAV access. Connected documents in OpenVAS/Tenable references corrobor...

CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...

FreeBSD : apache -- apr_uri_parse IPv6 address handling vulnerability (14)

The following package needs to be updated: apache %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg762d1c6d072211d9b45d000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

security flaw

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...

security flaw

The charbufferread function in the modssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service segmentation fault...

PT-2004-1874 · Apache · Apache +1

Name of the Vulnerable Software and Affected Versions: Apache versions 2.0.50 and earlier Description: The issue is related to the mod dav module, which allows remote attackers to cause a denial of service by crashing a child process. This can be achieved by sending a specific sequence of LOCK...

CVE-2004-0748

CVE-2004-0748 affects the Apache HTTP Server with mod_ssl

CVE-2004-0751

Summary (grounded in provided docs): CVE-2004-0751 concerns the Apache httpd mod_ssl module. The issue arises when reverse proxying to an SSL server, where the char_buffer_read function can trigger a remote denial of service via a segmentation fault. Connected documents corroborate the vulnerabil...

CVE-2004-0751

The charbufferread function in the modssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service segmentation fault...

Apache mod_ssl DoS

Child process goes to infinite loop on SSL connection abort...

CVE-2004-0173

CVE-2004-0173 describes a directory traversal vulnerability affecting Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier when run on Cygwin. An attacker can read arbitrary files by requesting a URL containing "..%5C" (dot dot encoded backslash) sequences, enabling partial confidentiality im...

CVE-2004-0263

Technical details (affected product/version, root cause, impact, and remediation) are not publicly provided in the supplied connected documents. Monitor for updates.

CVE-2003-0016

CVE-2003-0016 refers to the Apache HTTP Server vulnerability where, on Windows 9x/Me, an HTTP request containing MS-DOS device names could remotely cause a denial of service or enable arbitrary code execution. Public sources in the connected documents consistently describe this as a flaw in filte...

CVE-2003-0017

Apache HTTP Server on Windows versions older than 2.0.44 is affected by CVE-2003-0017. A crafted HTTP request containing illegal characters (for example, ">") can cause the server to process a different filename and disclose certain files. This vulnerability is a remote-access issue with netwo...