5772 matches found

Tenable Nessus
added 2004/09/17 12:0 a.m. | 37 views

Fedora Core 1 : apr-util-0.9.4-2.1 (2004-307)

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

CVSS 5 | AI score 5.5 | EPSS 0.21769
Exploits: 0 | References: 2
Tenable Nessus
added 2004/09/17 12:0 a.m. | 34 views

GLSA-200409-21 : Apache 2, mod_dav: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200409-21 (Apache 2, mod_dav: Multiple vulnerabilities) A potential infinite loop has been found in the input filter of mod_ssl (CAN-2004-0748) as well as a possible segmentation fault in the char_buffer_read function if reverse proxying ...

CVSS 7.8 | AI score 5.7 | EPSS 0.69653
Exploits: 1 | References: 6
Tenable Nessus
added 2004/09/15 12:0 a.m. | 46 views

RHEL 3 : httpd (RHSA-2004:463)

Updated httpd packages that include fixes for security issues are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Four issues have been discovered affecting releases of the Apache HTTP 2.0 Server, up to and including version 2.0.50 :...

CVSS 7.8 | AI score 6.8 | EPSS 0.69653
Exploits: 1 | References: 9
FreeBSD
added 2004/09/15 12:0 a.m. | 41 views

apache -- ap_resolve_env buffer overflow

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files (the main 'httpd.conf' and '.htaccess' files). According to a SITIC advisory: The buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess or httpd.conf files. The...

CVSS 7.8 | AI score 6.8 | EPSS 0.01607
Exploits: 0 | References: 1
Apache Httpd
added 2004/09/12 12:0 a.m. | 30 views

Apache Httpd < 2.0.51 : WebDAV remote crash

An issue was discovered in the mod_dav module which could be triggered for a location where WebDAV authoring access has been configured. A malicious remote client which is authorized to use the LOCK method could force an httpd child process to crash by sending a particular sequence of LOCK request...

CVSS 5 | AI score 1.8 | EPSS 0.15463
Exploits: 1 | Affected Software: 1
Cvelist
added 2004/09/01 4:0 a.m. | 20 views

CVE-2002-1549

Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request...

AI score 7.9 | EPSS 0.11169
Exploits: 1 | References: 3
CVE
added 2004/09/01 4:0 a.m. | 53 views

CVE-2004-0096

CVE-2004-0096 targets mod_python and is associated with a denial-of-service affecting Apache via a crafted query string. OpenVAS entries include CVE linkage (CVE-2004-0096) and note a 5.0 base score (AV:N/AC:L/Au:N/C:N/I:N/A:P); related CAN-2003-0973 is cited. The vulnerability is discussed in mu...

CVSS 5 | AI score 6.3 | EPSS 0.03515
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2004/09/01 4:0 a.m. | 44 views

CVE-2002-1549

CVE-2002-1549 concerns Light HTTPD (lhttpd) 0.1, where a buffer overflow in processing a long HTTP GET request can allow remote code execution. The issue is tied to the lhttpd 0.1 HTTP server and is documented across multiple sources in the connected set, including CVE records and OpenVAS entries...

CVSS 7.5 | AI score 7.9 | EPSS 0.11169
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2004/09/01 12:0 a.m. | 34 views

RHEL 3 : httpd (RHSA-2004:349)

Updated httpd packages that include a security fix for mod_ssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A...

CVSS 5 | AI score 5.6 | EPSS 0.69653
Exploits: 0 | References: 4
Apache Httpd
added 2004/08/25 12:0 a.m. | 44 views

Apache Httpd < 2.0.51 : IPv6 URI parsing heap overflow

Testing using the Codenomicon HTTP Test Tool performed by the Apache Software Foundation security group and Red Hat uncovered an input validation issue in the IPv6 URI parsing routines in the apr-util library. If a remote attacker sent a request including a carefully crafted URI, an httpd child...

CVSS 5 | AI score 1.2 | EPSS 0.21769
Exploits: 0 | Affected Software: 1
UbuntuCve
added 2004/08/06 4:0 a.m. | 33 views

CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVSS 6.4 | AI score 6.2 | EPSS 0.84784
Exploits: 1 | References: 1
OSV
added 2004/08/06 4:0 a.m. | 5 views

CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

AI score 7
Exploits: 0 | References: 26
NVD
added 2004/08/06 4:0 a.m. | 19 views

CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVSS 6.4 | AI score 7 | EPSS 0.84784
Exploits: 1 | References: 24
OSV
added 2004/08/06 4:0 a.m. | 3 views

DEBIAN-CVE-2004-0493

The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVSS 6.4 | AI score 7.4 | EPSS 0.84784
Exploits: 1 | References: 1
Apache Httpd
added 2004/08/05 12:0 a.m. | 28 views

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

CVSS 7.8 | AI score 3 | EPSS 0.01607
Exploits: 0 | Affected Software: 1
0day.today
added 2004/08/02 12:0 a.m. | 14 views

Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)

Exploit for linux platform in category dos / poc

AI score 7
Exploits: 0
seebug.org
added 2004/08/02 12:0 a.m. | 16 views

Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)

No description provided by source.

AI score 7.1
Exploits: 0
Tenable Nessus
added 2004/07/31 12:0 a.m. | 10 views

Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write call in...

AI score 5.8
Exploits: 0 | References: 1
Tenable Nessus
added 2004/07/23 12:0 a.m. | 30 views

Fedora Core 1 : httpd-2.0.48-1.2 (2003-004)

This update includes the latest stable release of Apache httpd 2.0, including a fix for the security issue CVE-2003-0542, a buffer overflow in the parsing of configuration files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

CVSS 7.2 | AI score 5.3 | EPSS 0.1273
Exploits: 0 | References: 1
Tenable Nessus
added 2004/07/23 12:0 a.m. | 35 views

Fedora Core 1 : httpd-2.0.49-1.1 (2004-117)

This update includes the latest stable release of Apache httpd 2.0, including a security fix for a memory leak in mod_ssl which can be triggered remotely (CVE-2004-0113), and a fix for escaping of error log output (CVE-2003-0020). This update also includes an enhanced version of the mod_cgi module whic...

CVSS 5 | AI score 5.3 | EPSS 0.10872
Exploits: 7 | References: 1