Fedora Core 3 : httpd-2.0.52-3.1 (2004-421)
This update includes the fix for a memory consumption denial of service issue in the handling of request header lines (CVE-2004-0942). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically...
Fedora Core 2 : httpd-2.0.51-2.9 (2004-420)
Thu Nov 11 2004 Joe Orton 2.0.51-2.9 - add fix for memory consumption DoS, CVE-2004-0942 - mod_ssl: add fix for SSLCipherSuite bypass, CVE-2004-0885
RHEL 3 : httpd (RHSA-2004:562)
Updated httpd packages that include fixes for two security issues, as well as other bugs, are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An issue has been discovered in the mod_ssl module when configured to use the 'SSLCipherSuit...
Apache Httpd < 2.0.53 : Memory consumption DoS
An issue was discovered where the field length limit was not enforced for certain malicious requests. This could allow a remote attacker who is able to send large amounts of data to a server the ability to cause Apache children to consume proportional amounts of memory, leading to a denial of...
apache mod_include buffer overflow vulnerability
There is a buffer overflow in a function used by mod_include that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability...
Apache Httpd < 1.3.33 : mod_include overflow
A buffer overflow in mod_include could allow a local user who is authorised to create server side include (SSI) files to gain the privileges of a httpd child...
Apache Httpd < 2.0.53 : SSLCipherSuite bypass
An issue has been discovered in the mod_ssl module when configured to use the "SSLCipherSuite" directive in directory or location context. If a particular location context has been configured to require a specific set of cipher suites, then a client will be able to access that location using any...
[Full-Disclosure] iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability
Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability iDEFENSE Security Advisory 09.29.04 www.idefense.com/application/poi/display?id=145&type=vulnerabilities September 29, 2004 I. BACKGROUND Macromedia JRun 4 is a full Java 2 Enterprise Edition (J2EE) compatible application server...
Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)
Tue Sep 21 2004 Joe Orton 2.0.51-2.7 - ap_rgetline_core fix from Rici Lake - Tue Sep 21 2004 Joe Orton 2.0.51-2.6 - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811) - Thu Sep 16 2004 Joe Orton 2.0.51-2.5 - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade from 2.0.50 - revert...
GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200409-21 (Apache 2, mod_dav: Multiple vulnerabilities). A potential infinite loop has been found in the input filter of mod_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char_buffer_read function if reverse proxying ...
Fedora Core 1 : apr-util-0.9.4-2.1 (2004-307)
Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...
RHEL 3 : httpd (RHSA-2004:463)
Updated httpd packages that include fixes for security issues are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Four issues have been discovered affecting releases of the Apache HTTP 2.0 Server, up to and including version 2.0.50 :...
apache -- ap_resolve_env buffer overflow
SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files (the main `httpd.conf' and `.htaccess' files). According to a SITIC advisory: The buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess or httpd.conf files. The...
Apache Httpd < 2.0.51 : WebDAV remote crash
An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...
CVE-2002-1549
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request...
CVE-2004-0096
CVE-2004-0096 targets mod_python and is associated with a denial-of-service affecting Apache via a crafted query string. OpenVAS entries include CVE linkage (CVE-2004-0096) and note a 5.0 base score (AV:N/AC:L/Au:N/C:N/I:N/A:P); related CAN-2003-0973 is cited. The vulnerability is discussed in mu...
CVE-2002-1549
CVE-2002-1549 concerns Light HTTPD (lhttpd) 0.1, where a buffer overflow in processing a long HTTP GET request can allow remote code execution. The issue is tied to the lhttpd 0.1 HTTP server and is documented across multiple sources in the connected set, including CVE records and OpenVAS entries...
RHEL 3 : httpd (RHSA-2004:349)
Updated httpd packages that include a security fix for mod_ssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A...
Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow
Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...
CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...