
5773 matches found

Tenable Nessus
added 2016/07/19 12:0 a.m., 86 views

CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy)

An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.1, AI score 6.8, EPSS 0.55724
Exploits: 0, References: 3

Tenable Nessus
added 2016/07/19 12:0 a.m., 37 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20160718) (httpoxy)

Security Fixes : - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A...

CVSS 8.1, AI score 6.8, EPSS 0.55724
Exploits: 0, References: 2

RedHat Linux
added 2016/07/18 5:29 p.m., 69 views

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.1, AI score 6.7, EPSS 0.55724
Exploits: 0, References: 4

Cent OS
added 2016/07/18 3:57 p.m., 106 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2016:1421 An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 8.1, AI score 6.7, EPSS 0.55724
Exploits: 0, References: 7

RedHat Linux
added 2016/07/18 3:30 p.m., 116 views

Important: Red Hat Security Advisory: httpd24-httpd security update

An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS 8.1, AI score 6.7, EPSS 0.55724
Exploits: 0, References: 5

RedhatCVE
added 2016/07/18 2:19 p.m., 79 views

CVE-2016-5387

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1, AI score 0.5, EPSS 0.55724
Exploits: 0, References: 2

F5 Networks
added 2016/07/18 12:0 a.m., 97 views

SOL71436934 - Apache httpd vulnerability CVE-2016-4979

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 7.5, AI score 1.8, EPSS 0.18802
Exploits: 0, References: 4

Tenable Nessus
added 2016/07/18 12:0 a.m., 42 views

Fedora 23 : httpd (2016-e256a03791)

Security fix for CVE-2016-4979 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

CVSS 7.5, AI score 7.4, EPSS 0.18802
Exploits: 0, References: 2

Oracle linux
added 2016/07/18 12:0 a.m., 64 views

httpd security and bug fix update

2.4.6-40.0.1.4 - replace index.html with Oracle's index page oracleindex.html 2.4.6-40.4 - add security fix for CVE-2016-5387 2.4.6-40.3 - add 451 Unavailable For Legal Reasons response status-code 1353269 2.4.6-40.2 - mod_cache: treat cache as valid with changed Expires in 304 1347648...

CVSS 5.1, AI score 0.2, EPSS 0.55724
Exploits: 0

Oracle linux
added 2016/07/18 12:0 a.m., 54 views

httpd security update

2.2.3-92.0.1 - Add the ability to read DH parameters from the first SSLCertificateFile John Haxby orabug 21671194 - fix mod_ssl always performing full renegotiation Joe Jin orabug 12423387 - replace index.html with Oracle's index page oracleindex.html - update vstring and distro in specfile 2.2.3-...

CVSS 5.1, AI score 0.9, EPSS 0.55724
Exploits: 0

Exploit DB
added 2016/07/15 12:0 a.m., 34 views

Clear Voyager Hotspot IMW-C910W - Arbitrary File Disclosure

Exploit Title: clear voyager hotspot IMW-C910W - file disclosure - Date: 2016/jul/15 - Exploit Author: Damaster - Vendor Homepage: https://www.sprint.com/ - Software Link: https://web.archive.org/web/20150526042938/http://www.clearwire.com/downloads/IMW-C910WV2234R4383A.bin - Version: R4383 - -...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2016/07/15 12:0 a.m., 33 views

Fedora 23 : wordpress (2016-a5e392ef01)

See upstream announcement WordPress 4.5.3 Maintenance and Security Release Packaging changes : - provide nginx configuration fedora - drop mandatory dependency on httpd suggested 1336091 - protect php files in uploads directory Note that Tenable Network Security has extracted the preceding...

CVSS 7.5, AI score 7.2, EPSS 0.02737
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/15 12:0 a.m., 33 views

Fedora 24 : httpd (2016-c7288a5b36)

Security fix for CVE-2016-4979 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

CVSS 7.5, AI score 7.4, EPSS 0.18802
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/15 12:0 a.m., 41 views

Fedora 24 : wordpress (2016-7db496f6f2)

See upstream announcement WordPress 4.5.3 Maintenance and Security Release Packaging changes : - provide nginx configuration fedora - drop mandatory dependency on httpd suggested 1336091 - protect php files in uploads directory Note that Tenable Network Security has extracted the preceding...

CVSS 7.5, AI score 7.2, EPSS 0.02737
Exploits: 0, References: 2

Apache Httpd
added 2016/07/11 12:0 a.m., 65 views

Apache Httpd < 2.4.25 : DoS vulnerability in mod_auth_digest

Malicious input to mod_auth_digest will cause the server to crash, and each instance continues to crash even for subsequently valid requests...

CVSS 7.5, AI score 0.6, EPSS 0.20952
Exploits: 0, Affected Software: 1

RedhatCVE
added 2016/07/06 2:18 p.m., 36 views

CVE-2016-4979

A flaw was found in the way httpd performed client authentication using X.509 client certificates. When the HTTP/2 protocol was enabled, a remote attacker could use this flaw to access resources protected by certificate authentication without providing a valid client certificate...

CVSS 9.1, AI score 7.5, EPSS 0.18802
Exploits: 0, References: 2

Apache Httpd
added 2016/07/02 12:0 a.m., 97 views

Apache Httpd < 2.4.25 : HTTP_PROXY environment variable "httpoxy" mitigation

HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which h...

CVSS 8.1, AI score 1, EPSS 0.55724
Exploits: 0, Affected Software: 1

Apache Httpd
added 2016/07/02 12:0 a.m., 73 views

Apache Httpd < 2.2.32 : HTTP_PROXY environment variable "httpoxy" mitigation

HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which h...

CVSS 8.1, AI score 1, EPSS 0.55724
Exploits: 0, Affected Software: 1

FreeBSD
added 2016/07/01 12:0 a.m., 37 views

apache24 -- X509 Client certificate based authentication can be bypassed when HTTP/2 is used

Apache Software Foundation reports: The Apache HTTPD web server from 2.4.18-2.4.20 did not validate a X509 client certificate correctly when experimental module for the HTTP/2 protocol is used to access a resource. The net result is that a resource that should require a valid client certificate i...

CVSS 7.5, AI score 1.4, EPSS 0.18802
Exploits: 0, References: 1

Japan Vulnerability Notes
added 2016/06/30 12:0 a.m., 58 views

JVN#89379547: Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Apache Commons FileUpload provided by the Apache Software Foundation contains a flaw when processing multi-part requests, which may lead to a denial-of-service (DoS). Impact Processing a specially crafted request may result in the server's CPU resources to be exhausted. Solution Apply the update...

CVSS 7.8, AI score 6.8, EPSS 0.35927
Exploits: 0