5773 matches found
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
Apache Httpd < 2.4.25 : Padding Oracle in Apache mod_session_crypto
Prior to Apache HTTP release 2.4.25, modsessioncrypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation AES256-CBC by default, hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks,...
F5 BIG-IP - Apache HTTPD vulnerability CVE-2010-2791 and CVE-2010-2068
The remote host is missing a security patch. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
SOL23332326 - Apache HTTPD vulnerability CVE-2010-2791
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
openSUSE Security Update : subversion (openSUSE-2015-948)
This update for subversion fixes the following issues : - Apache Subversion 1.8.15 This release fixes one security issue: Remotely triggerable heap overflow and out-of-bounds read in moddavsvn caused by integer overflow when parsing skel-encoded request bodies. CVE-2015-5343 boo958300 - fix a...
Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerability: Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies CVE-2015-5343. This allows remote attackers with wri...
MGASA-2015-0490 Updated subversion packages fix security vulnerabilities
Updated subversion packages fix security vulnerability: Subversion's httpd servers are vulnerable to a remotely triggerable heap-based buffer overflow and out-of-bounds read caused by an integer overflow when parsing skel-encoded request bodies CVE-2015-5343. This allows remote attackers with wri...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
httpd: bypass of mod_headers rules via chunked requests
A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...
Code injection
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
CVE-2015-0859
The CVE-2015-0859 entry affects the smokeping package (smokeping_cgi) used with Apache httpd, where the CGI argument handling by mod_cgi allows remote code execution. The Debian advisory notes the issue arises from the build/packaging where Apache httpd passes extra arguments to smokeping_cgi, en...
CVE-2015-0859
The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokepingcgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments...
Dell Foundation Services 'SOAP WMI API' Remote Information Disclosure
An issue in Dell Foundation Services can be exploited to leak any data provided by the Windows Management Instrumentation WMI. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
[SECURITY] [DSA 3405-1] smokeping security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3405-1 [email protected] https://www.debian.org/security/ Florian Weimer November 25, 2015 https://www.debian.org/security/faq -...
httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite
A flaw was found in the modremoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a modrewrite rule. The highest threat from this vulnerability is to integrity...
Moderate: Red Hat Bug Fix Advisory: httpd bug fix and enhancement update
Updated httpd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. This update fixes the following bugs: The httpd daemon did not reset an...