Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : httpd (SSA:2014-204-01)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-204-01. The text itse...

Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20140723)

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

CentOS 7 : httpd (CESA-2014:0921)

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2014:0921 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2014:0920 Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...

httpd: mod_proxy denial of service

A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...

httpd: mod_cache NULL pointer dereference crash

A NULL pointer dereference flaw was found in the modcache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...

httpd: mod_deflate denial of service

A denial of service flaw was found in the way httpd's moddeflate module handled request body decompression configured via the "DEFLATE" input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and C...

httpd: mod_status heap-based buffer overflow

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

httpd: mod_cgid denial of service

A denial of service flaw was found in the way httpd's modcgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely...

Important: Red Hat Security Advisory: httpd24-httpd security update

Updated httpd24-httpd packages that fix multiple security issues are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

httpd: mod_proxy denial of service

A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...

httpd: mod_status heap-based buffer overflow

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

httpd: mod_deflate denial of service

A denial of service flaw was found in the way httpd's moddeflate module handled request body decompression configured via the "DEFLATE" input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and C...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, a...

httpd security update

2.2.15-31.0.1.el65 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-31 - modcgid: add security fix for CVE-2014-0231 - moddeflate: add security fix for CVE-2014-0118 - modstatus: add security fix for CVE-2014-0226...

httpd security update

2.4.6-18.0.1.el70 - replace index.html with Oracle's index page oracleindex.html 2.4.6-18 - modcgid: add security fix for CVE-2014-0231 1120607 - modproxy: add security fix for CVE-2014-0117 1120607 - moddeflate: add security fix for CVE-2014-0118 1120607 - modstatus: add security fix for...

Apache 2.4.x mod_proxy Denial Of Service

::: ::::::::: ::: :::::::: ::: ::::::::::::: ::: :::::::::::::::::::::::::::::::::: ::::::::: :+: :+: :+: :+: :+: :+: :+: :+::+: :+::+: :+: :+: :+: :+: :+: :+::+: :+: +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:+ +:+ +:++:+ +:+ +++:++++:+++:++++++:++++:++ +++:+++++++:++ +++:++++ ++ ++...

Apache 2.4.7 mod_status - Scoreboard Handling Race Condition

-- 0. Sparse summary Race condition between updating httpd's "scoreboard" and modstatus, leading to several critical scenarios like heap buffer overflow with user supplied payload and leaking heap which can leak critical memory containing htaccess credentials, ssl certificates private keys and so...