5773 matches found

Apache Httpd
added 2016/11/22 12:0 a.m. | 59 views

Apache Httpd < 2.4.25 : HTTP/2 CONTINUATION denial of service

The HTTP/2 protocol implementation mod_http2 had an incomplete handling of the LimitRequestFields directive. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion...

CVSS 7.5 | AI score 5.1 | EPSS 0.7907
Exploits: 4 | Affected Software: 1

Apache Httpd
added 2016/11/18 12:0 a.m. | 45 views

Apache Httpd < 2.4.26 : mod_http2 Null Pointer Dereference

A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process...

CVSS 7.5 | AI score 0.8 | EPSS 0.53939
Exploits: 0 | Affected Software: 1

OpenVAS
added 2016/10/26 12:0 a.m. | 36 views

Amazon Linux: Security Advisory (ALAS-2016-725)

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.2 | EPSS 0.55724
Exploits: 0 | References: 3

RedHat Linux
added 2016/10/12 5:7 p.m. | 3 views

httpd: HTTP request smuggling attack against chunked request parser

Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...

CVSS 5 | AI score 6.7 | EPSS 0.73327
Exploits: 0 | References: 4

Tenable Nessus
added 2016/09/28 12:0 a.m. | 79 views

SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2396-1) (POODLE)

This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements:
- Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099)
- Created valgrind suppression files to ease debugging.
- Implement SSL_PPTYPE_FILTER to call executables to get the key password pins.
- Improvements ...

CVSS 9.8 | AI score 6.5 | EPSS 0.99999
Exploits: 5 | References: 12

Fedora
added 2016/09/22 12:35 a.m. | 24 views

[SECURITY] Fedora 24 Update: mod_cluster-1.3.3-8.fc24

Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy, mod_cluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster leverages an additional connection between the application server nodes a...

AI score 7.1
Exploits: 0

Fedora
added 2016/09/15 7:11 p.m. | 21 views

[SECURITY] Fedora 25 Update: mod_cluster-1.3.3-8.fc25

Mod_cluster is an httpd-based load balancer. Like mod_jk and mod_proxy, mod_cluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike mod_jk and mod_proxy, mod_cluster leverages an additional connection between the application server nodes a...

AI score 7.1
Exploits: 0

n0where
added 2016/09/09 4:12 p.m. | 23 views

Raptor Web Application Firewall

Raptor Web Application Firewall is a simple web application firewall made in C, using the KISS principle. For polling it uses the select function, which is not better than epoll or kqueue from BSD but is portable; the core of the match engine uses a DFA to detect XSS, SQLi and path...

AI score 7.2
Exploits: 0 | References: 2

Kitploit
added 2016/09/09 2:49 p.m. | 21 views

CodeWarrior - Just Another Manual Code Analysis Tool And Static Analysis Tool

Just another manual code analysis tool and static analysis tool. Codewarrior runs at HTTPd with TLS, uses KISS principle (https://en.wikipedia.org/wiki/KISS_principle). Directories: web/ = local of javascripts and html and css sources; src/ = C source code, this code talking with web socket; eggs/ =...

AI score 7.3
Exploits: 0 | References: 2

Slackware Linux
added 2016/09/08 10:38 p.m. | 63 views

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/php-5.6.25-i586-1slack14.2.txz: Upgraded. This release fixes bugs and security issues. For more information, see:...

CVSS 9.8 | AI score 7.9 | EPSS 0.08666
Exploits: 9

RedHat Linux
added 2016/08/22 6:7 p.m. | 3 views

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1 | AI score 6.8 | EPSS 0.55724
Exploits: 0 | References: 7

RedHat Linux
added 2016/08/22 6:7 p.m. | 5 views

mod_cluster: remotely Segfault Apache http server

It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP)...

CVSS 7.5 | AI score 7.1 | EPSS 0.0364
Exploits: 0 | References: 4

RedhatCVE
added 2016/08/04 2:18 p.m. | 33 views

CVE-2016-6312

A denial of service vulnerability was found in subversion. The mod_dontdothat component of the mod_dav_svn Apache module did not properly protect against exponential XML entity expansion attacks. An attacker with credentials to the webdav repository could send a crafted message that would result in...

CVSS 6.5 | AI score 2.5 | EPSS 0.02157
Exploits: 0 | References: 1

F5 Networks
added 2016/08/02 12:0 a.m. | 82 views

SOL80513384 - Apache HTTPD vulnerability CVE-2016-5387

Vulnerability Recommended Actions: If you are running a version listed in the "Versions known to be vulnerable" column, you can eliminate this vulnerability by upgrading to a version listed in the "Versions known to be not vulnerable" column. If the table lists only an older version than what you are...

CVSS 8.1 | AI score 1.3 | EPSS 0.55724
Exploits: 0 | References: 6

OpenVAS
added 2016/08/02 12:0 a.m. | 39 views

Fedora Update for httpd FEDORA-2016-df0726ae26

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.6 | EPSS 0.55724
Exploits: 0 | References: 2

OpenVAS
added 2016/08/02 12:0 a.m. | 30 views

Fedora Update for httpd FEDORA-2016-e256a03791

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.7 | EPSS 0.18802
Exploits: 0 | References: 2

OpenVAS
added 2016/08/02 12:0 a.m. | 23 views

Fedora Update for httpd FEDORA-2016-c7288a5b36

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.7 | EPSS 0.18802
Exploits: 0 | References: 2

OpenVAS
added 2016/08/02 12:0 a.m. | 38 views

Fedora Update for httpd FEDORA-2016-9fd9bfab9e

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.6 | EPSS 0.55724
Exploits: 0 | References: 2

Tenable Nessus
added 2016/07/28 12:0 a.m. | 43 views

Fedora 23 : httpd (2016-df0726ae26) (httpoxy)

Security fix for CVE-2016-5387. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...

CVSS 8.1 | AI score 6.8 | EPSS 0.55724
Exploits: 0 | References: 2

Tenable Nessus
added 2016/07/25 12:0 a.m. | 48 views

Fedora 24 : httpd (2016-9fd9bfab9e) (httpoxy)

Security fix for CVE-2016-5387. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

CVSS 8.1 | AI score 6.8 | EPSS 0.55724
Exploits: 0 | References: 2