Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

Mandriva Linux Security Advisory : apache (MDVSA-2015:093)

Updated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098. A race condition flaw...

Fedora 21 : dokuwiki-0-0.24.20140929c.fc21 (2015-3186)

This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...

Fedora 20 : dokuwiki-0-0.24.20140929c.fc20 (2015-3211)

This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...

Fedora 22 : dokuwiki-0-0.24.20140929c.fc22 (2015-3079)

This update fixes CVE-2015-2172 - There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own...

Ultra Mini HTTPD Resource Name Request Handling Stack Buffer Overflow - Ver2 (CVE-2013-5019)

A buffer overflow vulnerability has been reported in Vector Ultra Mini HTTPD. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

CentOS 7 : ipa (CESA-2015:0442)

Updated ipa packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CentOS 7 : httpd (CESA-2015:0325)

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2015:0325 Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System...

Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

Fedora Update for httpd FEDORA-2014-17195

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : httpd (ELSA-2015-0325)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0325 advisory. - core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-35...

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

httpd security, bug fix, and enhancement update

2.4.6-31.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-31 - modproxyfcgi: determine if FCGICONNCLOSE should be enabled instead of hardcoding it 1168050 - modproxy: support Unix Domain Sockets 1168081 2.4.6-30 - core: fix bypassing of modheaders rules via chunked request...

RedHat Update for httpd RHSA-2015:0325-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

RHEL 7 : httpd (RHSA-2015:0325)

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Fedora 20 : httpd-2.4.10-2.fc20 (2014-17153)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

Fedora Update for httpd FEDORA-2014-17153

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...