RedHat Security Advisory RHSA-2009:1203

The remote host is missing updates announced in advisory RHSA-2009:1203. Subversion SVN is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of...

CentOS Security Advisory CESA-2009:1205 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1205. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

RedHat Security Advisory RHSA-2009:1204

The remote host is missing updates announced in advisory RHSA-2009:1204. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime APR manages memory pool and relocatable memory allocations. An attacker could use these flaws to issu...

CentOS Security Advisory CESA-2009:1205 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1205. CESA-2009:1205 64661 2 $Id: ovcesa20091205.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:1205 httpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVE-2009-2765

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...

CVE-2009-2766

httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not require administrative authentication for programs under cgi-bin/, which allows remote attackers to change settings via HTTP requests...

CVE-2009-2766

CVE-2009-2766 affects httpd.c in the httpd management GUI of DD-WRT 24 sp1; CGI programs under /cgi-bin/ can be accessed without administrative authentication, enabling remote changes via HTTP requests. CBSS: Network vector, low complexity, no authentication, with partial impact on confidentialit...

CVE-2009-2765

The CVE-2009-2765 issue affects the DD-WRT HTTPd management GUI, where httpd.c in the HTTP daemon is vulnerable to shell metacharacter injection via requests to a CGI-bin URI. The vulnerability allows an unauthenticated remote attacker to execute arbitrary commands with root privileges on affecte...

CVE-2009-2765

httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI...

RHEL 3 : httpd (RHSA-2009:1205)

Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with...

CentOS 3 : httpd (CESA-2009:1205)

Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The httpd package shipped with...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2009:1205 Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

httpd security and bug fix update

2.0.46-75.0.1.ent - use oracle index page oracleindex.html - remove logos in poweredby.gif and poweredbyrh.png - add apr-configure.patch 2.0.46-75.ent - add security fix for CVE-2009-1891 515705 - include fix for upstream PR 39605 2.0.46-74.ent - add security fixes for CVE-2009-2412 515705 - add...

Apache Httpd < 2.2.14 : Solaris pollset DoS

Faulty error handling was found affecting Solaris pollset support Event Port backend caused by a bug in APR. A remote attacker could trigger this issue on Solaris servers which used prefork or event MPMs, resulting in a denial of service...

Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2009-214-01. The text itself is copyrig...

httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues. More details about these issues may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2009-1891 https://vulners.com/cve/CVE-2009-1195...

CentOS Security Advisory CESA-2009:1148 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1148. CESA-2009:1148 64448 2 $Id: ovcesa20091148.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:1148 httpd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

RedHat Security Advisory RHSA-2009:1148

The remote host is missing updates announced in advisory RHSA-2009:1148. The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume...

CentOS Security Advisory CESA-2009:1148 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1148. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

Apache Httpd < 2.2.13 : APR apr_palloc heap overflow

A flaw in aprpalloc in the bundled copy of APR could cause heap overflows in programs that try to aprpalloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...