2.4 bug fix and enhancement update

An update is available for module.modmd, module.modhttp2, modhttp2, httpd, modmd, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...

SOL17317 - Apache HTTP server vulnerability CVE-2015-0253

The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...

Null pointer dereference

The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...

CVE-2015-0253

The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...

CVE-2015-0253

The readrequestline function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service NULL pointer dereference and process crash by sending a request that lacks a method to an installation...

CVE-2015-0253

CVE-2015-0253 affects the Apache HTTP Server 2.4.12. The vulnerability arises in the read_request_line function within server/protocol.c, where the protocol structure member is not initialized. This can enable a remote attacker to trigger a denial-of-service via a NULL pointer dereference and cra...

Apache ErrorDocument 400 Points to Denial of Service Vulnerability

Apache is an open source HTTPD service program. A security vulnerability exists in Apache that allows a remote user to crash an application via ErrorDocument 400 pointing to a local URL path containing an active INCLUDES filter, resulting in a denial-of-service attack...

apache: multiple issues

CVE-2015-0228 denial of service: modlua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...

apache24 -- multiple vulnerabilities

Jim Jagielski reports: CVE-2015-3183 cve.mitre.org core: Fix chunk header parsing defect. Remove aprbrigadeflatten, buffering and duplicated code from the HTTPIN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized...

Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling

A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only...

CommPort 1.01 Authentication Bypass

---------------------------------------------------- CommPort 1.01 Vendor information: "A 'Community Portal' generator that can be tailored for any location. Each user gets a personal portal page to which they can add their own 'channels' or select from a growing list of pre-prepared local,...

CVE-2006-6071

TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with...

Apache UserDir Sensitive Information Disclosure

An information leak occurs on Apache based web servers whenever the UserDir module is enabled. The vulnerability allows an external attacker to enumerate existing accounts by requesting access to their home directory and monitoring the response. OpenVAS Vulnerability Test $Id: apacheusername.nasl...

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess restrictions defined in httpd.conf with directives like Deny From All by using an ErrorDocument directive. The Red Hat and CVE records confirm this is the same issue; vendor dispute noted that .htaccess applies to extern...

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restri...

PT-2004-3237 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.47 and earlier Description: The issue allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. It is noted...

apache local protection bypass

It's possible to bypass few security settings with ErrorDocument...

BUG IN APACHE HTTPD SERVER &#40;current version 2.0.47&#41;

APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...

apache2047.txt

APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...