5769 matches found
CentOS Security Advisory CESA-2009:1580 (httpd)
The remote host is missing updates to httpd announced in advisory CESA-2009:1580. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...
RHEL 4 : httpd (RHSA-2009:1580)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:1580 advisory. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer...
RHEL 3 / 5 : httpd (RHSA-2009:1579)
Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the...
httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...
httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command...
httpd security update
2.2.3-31.0.1.el54.2 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-31.2 - add security fixes for CVE-2009-3094, CVE-2009-3095, CVE-2009-3555 534041...
httpd security update
2.0.52-41.ent.6.0.1 - use oracle index page oracleindex.html - update vstring and distro in specfile 2.0.52-41.ent.6 - add security fixes for CVE-2009-3555, CVE-2009-1891, CVE-2009-3094, and CVE-2009-3095 534039...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...
Security fix for the ALT Linux 10 package apache2 version 2.2.14-alt1
Oct. 6, 2009 Aleksey Avdeev 2.2.14-alt1 - 2.2.14 - Security fixes CVE-2009-2412, CVE-2009-2699, CVE-2009-3094, CVE-2009-3095 - Update patchsets: + itk for apache2.2-mpm-itk-2.2.11-02 Closes: 21486 + peruser for httpd-2.2.3-peruser-0.3.0-dc3...
Important: Red Hat Security Advisory: Red Hat Application Stack v2.4 security and enhancement update
Red Hat Application Stack v2.4 is now available. This update fixes several security issues and adds various enhancements. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Application Stack v2.4 is an integrated open source application...
Apache Httpd < 2.0.64 : mod_proxy_ftp DoS
A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service...
Apache Httpd < 2.2.14 : mod_proxy_ftp DoS
A NULL pointer dereference flaw was found in the mod_proxy_ftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or PASV commands, resulting in a limited denial of service...
Apache Httpd < 2.2.14 : mod_proxy_ftp FTP command injection
A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Apache Httpd < 2.0.64 : mod_proxy_ftp FTP command injection
A flaw was found in the mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header, allowing the attacker to send arbitrary commands to the FTP server...
Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...
Apache Httpd < 2.0.64 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Apache Httpd < 2.2.17 : expat DoS
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrusted XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...
Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
The remote host is missing an update to apache-mod_security announced via advisory MDVSA-2009:183. OpenVAS Vulnerability Test $Id: mdksa2009183.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:183 apache-mod_security Authors: Thomas Reinke Copyright:...
RedHat Security Advisory RHSA-2009:1205
The remote host is missing updates announced in advisory RHSA-2009:1205. The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries, which provide a free library of C data structur...