Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafte...

Denial Of Service (DoS)

subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process...

Denial Of Service (DoS)

subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd...

Denial Of Service (DoS)

apr-util is vulnerable to denial of service. It was found that certain input could cause the apr-util library to allocate more memory than intended in the aprbrigadesplitline function. An attacker able to provide input in small chunks to an application using the apr-util library such as httpd cou...

Information Disclosure

httpd is vulnerable to information disclosure. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM Multi-Processing Module could possibly leak information from other reques...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where modproxy is used in load balancer mode....

Information Disclosure

httpd is vulnerable to information disclosure. A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists in modproxyajp. In certain situations, if a user sent a carefully crafted HTTP request, the httpd server could return a response intended for another user...

Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle MitM. The vulnerability exists as a flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the Apache modproxyftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the handling of compression structures between modssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively...

Cross-Site Scripting (XSS)

modproxyftp module in Apache is vulnerable to cross-site scripting. When Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting. A flaw was found in the modproxyftp module. On sites where modproxyftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following th...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. A flaw was found in the modstatus module. On sites where modstatus was enabled and the status pages were publicly available, a cross-site scripting attack was possible...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. A flaw was found in the modproxybalancer module. On sites where modproxybalancer was enabled, a cross-site scripting attack against an authorized user was possible...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting. A flaw was found in the modimagemap module. On sites where modimagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting. A flaw was found in the modautoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as the Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and caus...

Cross-site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. The vulnerability exists as a flaw was found in the Apache HTTP Server modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a...