Apache APR -- DoS vulnerabilities

The Apache Portable Runtime Project reports: A flaw was discovered in the aprfnmatch function in the Apache Portable Runtime APR library 1.4.4 or any backported versions that contained the upstream fix for CVE-2011-0419. This could cause httpd workers to enter a hung state 100% CPU utilization...

Debian DSA-2237-1 : apr - denial of service

A flaw was found in the APR library, which could be exploited through Apache HTTPD's modautoindex. If a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be use...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2011-133-02)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current. These have been compiled against the new versions of apr and apr-util, which were upgraded to fix a security issue that affects Apache httpd. It is recommended that all three updates be applied...

[SECURITY] [DSA 2237-1] apr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2237-1 [email protected] http://www.debian.org/security/ Stefan Fritsch May 15, 2011 http://www.debian.org/security/faq -...

DSA-2237-2 apr - denial of service

Bulletin has no description...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current. These have been compiled against the new versions of apr and apr-util, which were upgraded to fix a security issue that affects Apache httpd. It is recommended that all three updates be applied. Here...

apr security update

CentOS Errata and Security Advisory CESA-2011:0507 Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS...

CentOS 5 : subversion (CESA-2011:0257)

Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 5 : php53 (CESA-2011:0196)

Updated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CentOS 5 : subversion (CESA-2011:0327)

Updated subversion packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

php53 security update

CentOS Errata and Security Advisory CESA-2011:0196 Updated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

mod_dav_svn, subversion security update

CentOS Errata and Security Advisory CESA-2011:0327 Updated subversion packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring Syst...

Fedora 13 : subversion-1.6.16-1.fc13 (2011-2698)

A NULL pointer dereference flaw was found in the way the moddavsvn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd process serving the request to crash. CVE-2011-0715 The Fedora Project would lik...

RedHat Update for subversion RHSA-2011:0327-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS

A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...

Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS

A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Metasploit Framework v3.5.2 latest version download !

Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit Framework version 3.5.2! "The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/httpd-2.2.17-i486-1slack13.1.txz: Upgraded. This fixes some denial of service bugs in the bundled libraries. O...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : httpd (SSA:2011-041-03)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-041-03. The text itsel...