33 matches found
K40284849: Apache vulnerability CVE-2010-0434
Security Advisory Description The apreadrequest function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow...
Oracle Linux 4 : httpd (ELSA-2010-0175)
From Red Hat Security Advisory 2010:0175 : Updated httpd packages that fix one security issue, a bug, and add an enhancement are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring...
Oracle Linux 5 : httpd (ELSA-2010-0168)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0168 advisory. 2.2.3-31.0.1.el54.4 - Replace index.html with Oracle's index page oracleindex.html - Update vstring and distro in specfile 2.2.3-31.4 - require and BR ...
Scientific Linux Security Update : httpd on SL5.x i386/x86_64
CVE-2010-0408 httpd: modproxyajp remote temporary DoS CVE-2010-0434 httpd: request header information leak It was discovered that modproxyajp incorrectly returned an 'Internal Server Error' response when processing certain malformed requests, which caused the back-end server to be marked as faile...
CentOS Update for httpd CESA-2010:0168 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS Update for httpd CESA-2010:0168 centos5 i386
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2010:0168 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
SuSE 11 Security Update : Apache 2 (SAT Patch Number 2293)
The following bugs have been fixed : - When using a multithreaded MPM Apache could leak memory of requests handled by a different thread when processing subrequests. CVE-2010-0434 - Specially crafted requests could crash modproxyajp. CVE-2010-0408 %NASLMINLEVEL 70300 C Tenable Network Security,...
Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.15. It is, therefore, potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix injection attack is possible. CVE-2009-3555 - The 'modproxyajp' module returns the wrong status cod...
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6987)
The following bugs have been fixed : When using a multi-threaded MPM apache could leak memory of requests handled by a different thread when processing subrequests CVE-2010-0434. Specially crafted requests could crash modproxyajp. CVE-2010-0408 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
KLA10386 Multiple vulnerabilities in VMware
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to cause denial of service, inject arbitrary scripts, execute arbitrary code and obtain sensitive information. Below is a complete list of vulnerabilities 1. Insecure file...
Fedora 11 : httpd-2.2.15-1.fc11.1 (2010-6131)
The Apache HTTP Server Project is proud to announce the release of version 2.2.15 of the Apache HTTP Server 'httpd'. This version is principally a security and bugfix release. Notably, this release was updated to reflect the OpenSSL Project's release 0.9.8m of the openssl library, and addresses...
Fedora Update for httpd FEDORA-2010-6055
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
RHEL 4 : httpd (RHSA-2010:0175)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2010:0175 advisory. The Apache HTTP Server is a popular web server. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in...
RHEL 5 : httpd (RHSA-2010:0168)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0168 advisory. - httpd: modproxyajp remote temporary DoS CVE-2010-0408 - httpd: request header information leak CVE-2010-0434 Note that Nessus has not test...
Fedora Update for httpd FEDORA-2010-6131
Check for the Version of httpd OpenVAS Vulnerability Test Fedora Update for httpd FEDORA-2010-6131 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1)
When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests CVE-2010-0434. Specially crafted requests could crash modproxyajp CVE-2010-0408. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...
openSUSE Security Update : apache2 (openSUSE-SU-2010:0165-1)
When using a multithreaded MPM apache could leak memory of requests handled by a different thread when processing subrequests CVE-2010-0434. Specially crafted requests could crash modproxyajp CVE-2010-0408. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...
Debian DSA-2035-1 : apache2 - multiple issues
Two issues have been found in the Apache HTTPD web server : - CVE-2010-0408 modproxyajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger...
[SECURITY] [DSA-2035-1] New apache2 packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-2035-1 [email protected] http://www.debian.org/security/ Stefan Fritsch April 17, 2010 http://www.debian.org/security/faq -...
DSA-2035-1 apache2 - several issues
Bulletin has no description...