18 matches found
Oracle Linux 7 : httpd24-httpd (ELSA-2015-1666)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1666 advisory. - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of apsomeauthrequired with apsomeauthnrequired and apforceauthn hook CVE-2015-318...
K17317: Apache HTTP server vulnerability CVE-2015-0253
Security Advisory Description The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks...
[SECURITY] [DLA 841-2] apache2 regression update
Package : apache2 Version : 2.2.22-13+deb7u11 CVE ID : CVE-2015-0253 CVE-2016-8743 Debian Bug : 858373 The fix for CVE-2016-8743 introduced a regression which would segfault apache workers under certain conditions 858373, an issue similar to previously fixed CVE-2015-0253. The issue was introduce...
Debian DLA-841-2 : apache2 regression update
The fix for CVE-2016-8743 introduced a regression which would segfault apache workers under certain conditions 858373, an issue similar to previously fixed CVE-2015-0253. The issue was introduced in DLA-841-1 and the associated 2.2.22-13+deb7u8 package version. For Debian 7 'Wheezy', these proble...
Oracle: Security Advisory (ELSA-2015-1666)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
httpd24-httpd security update
2.4.12-6.0.1.el7.1 - replace index.html with Oracles index page oracleindex.html - update vstring in specfile 2.4.12-6.1 - core: fix chunk header parsing defect CVE-2015-3183 - core: replace of apsomeauthrequired with apsomeauthnrequired and apforceauthn hook CVE-2015-3185 - core: fix pointer...
SOL17317 - Apache HTTP server vulnerability CVE-2015-0253
The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...
Medium: httpd24
Issue Overview: It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...
Fedora 21 : httpd-2.4.16-1.fc21 (2015-11792)
Update to new version 2.4.16. This update fixed various bugs as well as few security issues. For full changelog, see http://www.apache.org/dist/httpd/CHANGES2.4.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
Fedora Update for httpd FEDORA-2015-11792
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : httpd-2.4.16-1.fc22 (2015-11689)
Update to new version 2.4.16. This update fixed various bugs as well as few security issues. For full changelog, see http://www.apache.org/dist/httpd/CHANGES2.4.16 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...
KLA10640 Multiple vulnerabilities in Apache HTTP Server
Multiple serious vulnerabilities have been found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause a denial of service. Below is a complete list of vulnerabilities 1. Stack recursion crash in the modlua module in the luarequest.c file in luawebsocketread function c...
CVE-2015-0253
CVE-2015-0253 affects the Apache HTTP Server 2.4.12. The vulnerability arises in the read_request_line function within server/protocol.c, where the protocol structure member is not initialized. This can enable a remote attacker to trigger a denial-of-service via a NULL pointer dereference and cra...
Slackware 14.0 / 14.1 / current : httpd (SSA:2015-198-01)
New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-198-01. The text itself is copyright C...
[slackware-security] httpd (SSA:2015-198-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security httpd SSA:2015-198-01 New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[slackware-security] httpd
New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/httpd-2.4.16-i486-1slack14.1.txz: Upgraded. This update fixes the following security issues: CVE-2015-0253: Fix a crash with...
apache: multiple issues
CVE-2015-0228 denial of service: modlua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...
FreeBSD : apache24 -- multiple vulnerabilities (a12494c1-2af4-11e5-86ff-14dae9d210b8)
Jim Jagielski reports : CVE-2015-3183 cve.mitre.org core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized...