httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

It was discovered that in httpd 2.4, the internal API function apsomeauthrequired could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied...

httpd: Uninitialized memory reflection in mod_auth_digest

It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to...

Important: httpd

Issue Overview: A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. CVE-2017-3169 It was...

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1178)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers relate...

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1177)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers relate...

HiSilicon DVR Devices - Remote Code Execution

!/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host', required=True parser.addargument'--rport',...

fli4l Arbitrary Code Execution Vulnerability

fli4l is a Linux-based ISDN, DSL and Ethernet router product developed by the fli4l team, which can be configured via ASCII files and supports multiple connection methods, displaying and calculating connection times and costs, monitoring traffic and monitoring ISDN calls. A security vulnerability...

CVE-2015-1445

HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30...

CVE-2015-1443

The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code...

Code injection

The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code...

CVE-2015-1443

Concrete details show that CVE-2015-1443 affects the httpd component of fli4l, with vulnerable versions prior to 3.10.1 and 4.0 prior to 2015-01-30. The vulnerability enables a remote attacker to execute arbitrary code. The CNVD entry WC explicitly describes this as a remote code execution vulner...

CVE-2015-1443

The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code...

BSA-2017-376

Security Advisory ID : BSA-2017-376 Component : Apache HTTPD Revision : 3.0: Final When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behavior...

BSA-2017-377

Security Advisory ID : BSA-2017-377 Component : Apache HTTPD Revision : 3.0: Final In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by...

BSA-2017-364

Security Advisory ID : BSA-2017-364 Component : Apache HTTPD Revision : 2.0: Final The HTTP strict parsing changes added in Apachehttpd2.2.32 and 2.4.24 introduced a bug in token list parsing, which allowsapfindtokento search past the end of its input string. By maliciously crafting a sequence of...

Updated apache packages fix security vulnerabilities

In Apache httpd before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by modauthdigest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized poo...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20170815)

Security Fixes : - It was discovered that the httpd's modauthdigest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause htt...

RHEL 6 : httpd (RHSA-2017:2478)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2478 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: It was discovered that...

httpd: mod_http2 NULL pointer dereference

A NULL pointer dereference flaw was found in the modhttp2 module of httpd. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP/2 request...

httpd: mod_mime buffer overread

A buffer over-read flaw was found in the httpd's modmime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash...