8 matches found
SUSE CVE-2005-2728
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...
Gentoo Security Advisory GLSA 200508-15 (apache)
The remote host is missing updates announced in advisory GLSA 200508-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian Security Advisory DSA 805-1 (apache2)
The remote host is missing an update to apache2 announced via advisory DSA 805-1. Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1268 Marc Stern...
CentOS 3 / 4 : httpd (CESA-2005:608)
Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw...
Fedora Core 3 : httpd-2.0.53-3.3 (2005-848)
This update includes two security fixes. An issue was discovered in modssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured CVE-2005-2700. An issue was discovered in memory consumption of the byterange filter f...
Fedora Core 4 : httpd-2.0.54-10.2 (2005-849)
This update includes two security fixes. An issue was discovered in modssl where 'SSLVerifyClient require' would not be honoured in location context if the virtual host had 'SSLVerifyClient optional' configured CVE-2005-2700. An issue was discovered in memory consumption of the byterange filter f...
RHEL 4 : httpd (RHSA-2005:608)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:608 advisory. The Apache HTTP Server is a popular and freely-available Web server. A flaw was discovered in modssl's handling of the SSLVerifyClient...
CVE-2005-2728
Apache httpd is affected by CVE-2005-2728 due to a flaw in the byte-range filter that can cause memory exhaustion and denial of service when handling HTTP requests with a large Range header, as described in multiple connected advisories. The issue affects Apache httpd 2.0.x before 2.0.54 (and var...