CentOS Security Advisory CESA-2009:1148 (httpd)

The remote host is missing updates to httpd announced in advisory CESA-2009:1148. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-onl...

Apache Httpd < 2.0.64 : APR apr_palloc heap overflow

A flaw in aprpalloc in the bundled copy of APR could cause heap overflows in programs that try to aprpalloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...

Apache Httpd < 2.2.13 : APR apr_palloc heap overflow

A flaw in aprpalloc in the bundled copy of APR could cause heap overflows in programs that try to aprpalloc a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses...

DD-WRT (httpd service) Remote Command Execution Vulnerability

No description provided by source. This is a remote root vulnerability in DD-WRT's httpd server. The bug exists at the latest 24 sp1 version of the firmware. The problem is due to many bugs and bad software design decisions. Here is part of httpd.c: 859 if containsstringfile, "cgi-bin" 860 861...

DD-WRT Remote Root

----------------------------------------------------------------------------------------- A remote root vulnerability in the DD-WRT's httpd service. The bug exists in the latest 24 sp1 version of the firmware. The problem is due to a number of bugs and bad software design decisions. Here is part ...

DD-WRT HTTPd Daemon/Service - Remote Command Execution

This is a remote root vulnerability in DD-WRT's httpd server. The bug exists at the latest 24 sp1 version of the firmware. The problem is due to many bugs and bad software design decisions. Here is part of httpd.c: 859 if containsstringfile, "cgi-bin" 860 861 authfail = 0; 862 if !doauth 863...

DD-WRT (httpd service) Remote Command Execution Vulnerability

Exploit for hardware platform in category remote exploits ============================================================= DD-WRT httpd service Remote Command Execution Vulnerability ============================================================= This is a remote root vulnerability in DD-WRT's httpd...

DD-WRT HTTPd DaemonService - Remote Command Execution

DD-WRT HTTPd DaemonService - Remote Command Execution This is a remote root vulnerability in DD-WRT's httpd server. The bug exists at the latest 24 sp1 version of the firmware. The problem is due to many bugs and bad software design decisions. Here is part of httpd.c: 859 if containsstringfile,...

httpd: possible temporary DoS (CPU consumption) in mod_deflate

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

Design/Logic Flaw

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module J9155A ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424...

CVE-2009-1425

Unspecified vulnerability in HP ProCurve Threat Management Services zl Module J9155A ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424...

CVE-2009-1425

The CVE-2009-1425 entry affects HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier. It is described as an unspecified vulnerability that allows remote attackers to cause a denial of service by triggering a stop or crash in httpd. This CVE is distinct from CVE-2009...

httpd: possible temporary DoS (CPU consumption) in mod_deflate

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that fix multiple security issues are now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A...

CVE-2009-1891

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

DEBIAN-CVE-2009-1891

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

CVE-2009-1891

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

EUVD-2009-1886

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...

CVE-2009-1891

CVE-2009-1891 affects the Apache HTTP Server mod_deflate in 2.2.x (notably 2.2.11 and earlier). The issue causes CPU consumption DoS by compressing large files even after the client connection closes. Public advisories across distributions confirm the flaw and its remediation via updated packages...

CVE-2009-1891

The moddeflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service CPU consumption...