
5773 matches found

RedHat Linux
added 2017/08/15 6:23 p.m. | 4 views

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

CVSS 9.1 | AI score 7.4 | EPSS 0.5677
Exploits 0 | References 6

RedHat Linux
added 2017/08/15 6:23 p.m. | 1 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8 | AI score 7.3 | EPSS 0.19953
Exploits 0 | References 6

RedHat Linux
added 2017/08/15 6:23 p.m. | 171 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 6.8 | EPSS 0.57472
Exploits 4 | References 6

RedHat Linux
added 2017/08/15 6:23 p.m. | 3 views

httpd: ap_find_token() buffer overread

A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request...

CVSS 7.5 | AI score 7.5 | EPSS 0.57472
Exploits 1 | References 6

RedHat Linux
added 2017/08/15 6:11 p.m. | 3 views

httpd: mod_ssl NULL pointer dereference

A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request...

CVSS 9.8 | AI score 7.3 | EPSS 0.19953
Exploits 0 | References 6

RedHat Linux
added 2017/08/15 6:11 p.m. | 3 views

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

CVSS 9.1 | AI score 7.4 | EPSS 0.5677
Exploits 0 | References 6

RedHat Linux
added 2017/08/15 6:11 p.m. | 220 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 6.8 | EPSS 0.5677
Exploits 3 | References 5

Oracle linux
added 2017/08/15 12:0 a.m. | 127 views

httpd security update

2.4.6-67.0.1.el74.2
- replace index.html with Oracle's index page oracleindex.html
2.4.6-67.2
- Resolves: 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
- Resolves: 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
- Resolves: 1463207 - CVE-2017-7679 httpd:...

CVSS 9.8 | AI score 1.5 | EPSS 0.57472
Exploits 4

Oracle linux
added 2017/08/15 12:0 a.m. | 86 views

httpd security update

2.2.15-60.0.1.5
- replace index.html with Oracle's index page oracleindex.html
- update vstring in specfile
2.2.15-60.5
- Resolves: 1463194 - CVE-2017-3167 httpd: ap_get_basic_auth_pw() authentication bypass
- Resolves: 1463197 - CVE-2017-3169 httpd: mod_ssl NULL pointer dereference
- Resolves: 1463207 ...

CVSS 9.8 | AI score 1.3 | EPSS 0.5677
Exploits 3

ATTACKERKB
added 2017/08/09 3:29 p.m. | 2 views

CVE-2017-12754

Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200,...

CVSS 8.8 | AI score 6.5 | EPSS 0.0271
Exploits 0 | References 3

CVE
added 2017/08/09 3:0 p.m. | 47 views

CVE-2017-12754

The CVE-2017-12754 entry describes a stack buffer overflow in the httpd component of Asuswrt-Merlin firmware (notably 380.67_0RT-AC5300 and earlier) across numerous ASUS router models. A remote attacker can trigger arbitrary code execution by sending a crafted HTTP GET request containing a long d...

CVSS 8.8 | AI score 9.1 | EPSS 0.0271
Exploits 0 | References 2 | Affected Software 1

myhack58
added 2017/08/09 12:0 a.m. | 50 views

How I fuzzed Apache and dug up a vulnerability worth 1500 dollars - Vulnerability warning - Black Bar Safety Net

Target: While viewing the Apache httpd server's crash logs in AFL, I found a lot of problems. For example, some crashing test cases also crash inside the fuzz testing tool itself and affect the stability of the test program. In this article, I will explain the test case to crash...

AI score 7.8
Exploits 0

OSV
added 2017/08/06 1:29 a.m. | 2 views

CVE-2017-12568

Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W and probably other DCP models allows remote attackers to hang the printer disrupting its network connection by sending a large amount of HTTP packets...

CVSS 7.5 | AI score 5.8 | EPSS 0.01893
Exploits 0 | References 1

Prion
added 2017/08/06 1:29 a.m. | 15 views

Denial of service

Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W and probably other DCP models allows remote attackers to hang the printer disrupting its network connection by sending a large amount of HTTP packets...

CVSS 7.8 | AI score 7.5 | EPSS 0.01893
Exploits 0 | References 1 | Affected Software 1

NVD
added 2017/08/06 1:29 a.m. | 14 views

CVE-2017-12568

Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W and probably other DCP models allows remote attackers to hang the printer disrupting its network connection by sending a large amount of HTTP packets...

CVSS 7.8 | AI score 7.5 | EPSS 0.01893
Exploits 0 | References 1

Cvelist
added 2017/08/06 1:0 a.m. | 18 views

CVE-2017-12568

Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W and probably other DCP models allows remote attackers to hang the printer disrupting its network connection by sending a large amount of HTTP packets...

AI score 7.5 | EPSS 0.01893
Exploits 0 | References 1

CVE
added 2017/08/06 1:0 a.m. | 51 views

CVE-2017-12568

CVE-2017-12568 affects Debut embedded httpd 1.20 on Brother DCP-J132W (and likely other DCP models). The vulnerability enables a remote attacker to cause a Denial of Service by sending a large volume of HTTP packets, ultimately hanging the printer and disrupting its network connection. Descriptio...

CVSS 7.8 | AI score 7.4 | EPSS 0.01893
Exploits 0 | References 1 | Affected Software 1

Check Point Advisories
added 2017/07/31 12:0 a.m. | 12 views

Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)

An out-of-bounds read vulnerability exists in Apache HTTP server. This vulnerability is due to improper token list parsing in the ap_find_token function. A remote, unauthenticated attacker could exploit the vulnerability by sending maliciously crafted HTTP request to the affected server...

CVSS 5 | AI score 2.7 | EPSS 0.57472
Exploits 1

Debian CVE
added 2017/07/27 9:0 p.m. | 63 views

CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

CVSS 7.5 | AI score 6.3 | EPSS 0.13252
Exploits 0

Photon
added 2017/07/25 12:0 a.m. | 59 views

Important Photon OS Security Update - PHSA-2017-0057

Updates of 'httpd' packages of Photon OS have been released...

CVSS 9.8 | AI score 1.7 | EPSS 0.20231
Exploits 0