CVE-2015-5284

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable...

Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-01. The te...

[slackware-security] httpd

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.27-i586-2slack14.2.txz: Rebuilt. This update patches a security issue "Optionsbleed" with th...

Design/Logic Flaw

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVE-2017-9798

CVE-2017-9798 affects the Apache HTTP Server (httpd) up to 2.4.27 and 2.2.34. A use-after-free flaw in how httpd handles invalid/previously unregistered HTTP methods specified by the Limit directive (used in .htaccess or certain httpd.conf configurations) can allow a remote, unauthenticated attac...

CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

Important: httpd24, httpd

Issue Overview: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting t...

UBUNTU-CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

mod_gnutls: Certificate validation error

Background modgnutls is an extension for ​Apache’s httpd. It uses the ​GnuTLS library to provide HTTPS. It supports some protocols and features that modssl does not. Description It was discovered that the authentication hook in modgnutls does not validate client’s certificates even when option...

Amazon Linux AMI : httpd (ALAS-2017-892)

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. CVE-2017-3169 It was discovered that the...

httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

Important: httpd

Issue Overview: A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. CVE-2017-3169 It was...

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers relate...

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers relate...

HiSilicon DVR Devices - Remote Code Execution

!/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host', required=True parser.addargument'--rport',...

fli4l Arbitrary Code Execution Vulnerability

fli4l is a Linux-based ISDN, DSL and Ethernet router product developed by the fli4l team, which can be configured via ASCII files and supports multiple connection methods, displaying and calculating connection times and costs, monitoring traffic and monitoring ISDN calls. A security vulnerability...

CVE-2015-1445

HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30...