91 matches found
Apache Reverse Proxy Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Reverse Proxy Bypass Vulnerability Scanner', 'Description' = %q Scan for poorly configured reverse proxy servers. By default, this module...
SUSE: Security Advisory (SUSE-SU-2013:0469-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:0830-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
U.S. Dept Of Defense: Out-of-date Version (Apache)
URL https://████████/ Identified Version 2.2.15 contains 4 important and 10 other vulnerabilities Latest Version 2.2.31 Vulnerability Database Result is based on 27.10.2016 vulnerability database content. Vulnerability Details Link identified you are using an out-of-date version of Apache. Impact...
Oracle: Security Advisory (ELSA-2011-1392)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2011-1391)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2011-9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)
This apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNIignorecase.diff -...
RHEL 5 / 6 : httpd (RHSA-2012:0542)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0542 advisory. The Apache HTTP Server httpd is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server di...
Amazon Linux AMI : httpd (ALAS-2011-9)
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connec...
openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1)
This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in ap_pregsub function resulting in a heap based...
openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)
This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a mod_proxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in ap_pregsub function resulting in a heap based...
openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1)
ignore case when checking against SNI server names. bnc798733 httpd-2.2.x-bnc798733-SNIignorecase.diff - better cleanup of busy count after recovering from failure bnc789828 httpd-2.2.x-bnc789828-modbalancer.diff - httpd-2.2.x-bnc788121-CVE-2012-4557-modproxyajptimeout.diff: backend timeouts...
openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...
Amazon Linux AMI : httpd (ALAS-2012-46)
It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially crafted URI...
Oracle Linux 6 : httpd (ELSA-2011-1391)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1391 advisory. - add security fixes for CVE-2011-3347, CVE-2011-3368 743901 Tenable has extracted the preceding description block directly from the Oracle Linux...
SuSE 11.2 Security Update : Apache (SAT Patch Number 7409)
This update fixes the following issues : - Denial of Service via special requests in mod_proxy_ajp. CVE-2012-4557 - improper LD_LIBRARY_PATH handling. CVE-2012-0883 - filename escaping problem Additionally, some non-security bugs have been fixed:. CVE-2012-2687 - ignore case when checking against SNI...
Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
This host is missing an important security update according to Mac OS X 10.6.8 Update/Mac OS X Security Update 2012-004. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP ...
Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP ...