48 matches found
Debian: Security Advisory (DLA-66-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K15300: Apache HTTP Server mod_dav DoS vulnerability CVE-2013-6438
Security Advisory Description The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE...
SUSE CVE-2013-6438
The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...
Security Bulletin: Network Intrusion Prevention System is affected by multiple Apache web server vulnerabilities (CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231)
Summary Security vulnerabilities have been discovered in the Apache web server component bundled with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-6438 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modda...
Mageia: Security Advisory (MGASA-2014-0135)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2014:1080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2014:1082-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache 2.4.x < 2.4.9 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is a version prior to 2.4.9. It is, therefore, affected by the following vulnerabilities : - A flaw exists with the 'moddav' module that is caused when tracking the length of CDATA that has leading white space. A remo...
Security Bulletin: IBM InfoSphere Balanced Warehouse C3000, C4000, IBM Smart Analytics System 1050, and 2050 are affected by the following Apache Tomcat vulnerabilities: CVE-2014-0098 and CVE-2013-6438
Summary The IBM InfoSphere Balanced Warehouse C3000 and C4000 for Windows and IBM Smart Analytics System 1050 and 2050 for Windows ship with Apache HTTP Server which contains known security vulnerabilities. Vulnerability Details CVE-ID: CVE-2014-0098 DESCRIPTION: Apache HTTP Server is vulnerable ...
SUSE: Security Advisory for apache2 (SUSE-SU-2014:1080-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux: Security Advisory (ALAS-2014-331)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)
The remote host is running a version of NSM Network and Security Manager Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A...
Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)
Hello, Your current version of apache 2.2.22 for http://aanbieding.marktplaats.com is vulnerable to many issues like DoS, XSS and Code Exec 1. DoS Refer: http://www.cvedetails.com/cve/CVE-2014-0231/ http://www.cvedetails.com/cve/CVE-2014-0098/ http://www.cvedetails.com/cve/CVE-2013-6438/...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1647-1)
This apache version update fixes various security and non security issues. - Updated to the 2.2.29 - Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES2.2 - The following patches are no longer needed and were removed : - httpd-2.2.x-bnc798733-SNIignorecase.diff -...
Amazon Linux AMI : httpd (ALAS-2014-331)
It was found that the moddav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the moddav module for example when using the moddavsvn module, a remote attacker could send a specially crafted DAV request that would...
DLA-66-1 apache2 - security update
Bulletin has no description...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)
This apache2 update fixes the following security issues : - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to 'no' in /etc/apache2/ssl-global.conf - ssl-global.conf: SSLHonorCipherOrder set to on -...
security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)
apache2: - ECC support was added to modssl - fix for a race condition in modstatus known as CVE-2014-0226 can lead to information disclosure; modstatus is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...
SuSE 11.3 Security Update : Apache Web Server (SAT Patch Number 9542)
This update for the Apache Web Server provides the following fixes : - Fixed a heap-based buffer overflow on apache module modstatus. bnc887765, CVE-2014-0226 - Properly remove whitespace characters from CDATA sections to avoid remote denial of service by crashing the Apache Server process...