Fedora Core 1 : httpd-2.0.50-1.0 (2004-203)

This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak CVE-2004-0493, and a buffer overflow in modssl which can be triggered only by a trusted client certificate with a long subject DN field CVE-2004-0488. Note that...

Fedora Core 2 : httpd-2.0.50-2.1 (2004-204)

This update includes the latest stable release of Apache httpd 2.0, including security fixes for a remotely triggerable memory leak CVE-2004-0493, and a buffer overflow in modssl which can be triggered only by a trusted client certificate with a long subject DN field CVE-2004-0488. Note that...

Apache HTTPd Arbitrary Long HTTP Headers DoS

Exploit for unknown platform in category dos / poc ============================================ Apache HTTPd Arbitrary Long HTTP Headers DoS ============================================ /usr/bin/perl exploit for apache apgetmimeheaderscore vuln adv is here: http://www.guninski.com/httpd1.html...

Apache Httpd < 2.0.51 : SSL connection infinite loop

An issue was discovered in the modssl module in Apache 2.0. A remote attacker who forces an SSL connection to be aborted in a particular state may cause an Apache child process to enter an infinite loop, consuming CPU resources...

Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash

An issue was discovered in the modssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue ...

RHEL 2.1 : mod_ssl (RHSA-2002:136)

Updated modssl packages are now available for Red Hat Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL a...

CVE-2004-0493

The CVE-2004-0493 entry relates to Apache httpd 2.0.x prior to 2.0.50, where long MIME header lines with excessive spaces/tabs can cause memory exhaustion and, on 64-bit systems, a potential heap-based buffer overflow. Connected advisories confirm DoS concerns across Apache 2.0.x and related modu...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

CVE-2004-0493

The apgetmimeheaderscore function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service memory exhaustion, and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters...

Apache Httpd < 2.0.50 : Header parsing memory leak

A memory leak in parsing of HTTP headers which can be triggered remotely may allow a denial of service attack due to excessive memory consumption...

[Full-Disclosure] [RHSA-2004:182-01] Updated httpd packages fix mod_ssl security issue

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated httpd packages fix modssl security issue Advisory ID: RHSA-2004:182-01 Issue date: 2004-04-30 Updated on: 2004-04-30 Product: Red Hat...

Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow

Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow source: https://www.securityfocus.com/bid/10249/info It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer...

Rosiello Security Sphiro HTTPd 0.1B - Remote Heap Buffer Overflow

source: https://www.securityfocus.com/bid/10249/info It has been reported that Sphiro HTTPD is prone to a remote heap based buffer overflow vulnerability. This issue is due to a failure of the application to properly verify buffer boundaries before storing input in fixed buffers. Immediate...

Apache Httpd < 2.0.45 : Line feed memory leak DoS

Apache 2.0 versions before Apache 2.0.45 had a significant Denial of Service vulnerability. Remote attackers could cause a denial of service memory consumption via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed...

Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers

The experimental moddiskcache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...

mod_python remote DoS

Unknown vulnerability in modpython 2.7.9 allows remote attackers to cause a denial of service httpd crash via a certain query string, a variant of CAN-2003-0973...

Apache Httpd < 2.0.49 : listening socket starvation

A starvation issue on listening sockets occurs when a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket. This issue is known to affect som...

Denial of Service in Monkey httpd &lt;= 0.8.1

Luigi Auriemma Application: Monkey httpd http://monkeyd.sourceforge.net Versions: = 0.8.1 Platforms: GNU/Linux Bug: Denial of Service Risk: high Exploitation: remote Date: 11 Feb 2004 Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3 The...

BUG IN APACHE HTTPD SERVER &#40;current version 2.0.47&#41;

APACHE HTTPD SERVER current version 2.0.47: How to return files in a Apache Deny All directory. The Directives controlling host access may be bypassed even if they have not permission to be override. 11 Jan 2004 DESCRIPTION Apache Web Server allows manage configurations via the main httpd.conf...

php -- readfile() DoS vulnerability

A SUSE Security advisory reports: A bug in the readfile function of php4 could be used to to crash the httpd running the php4 code when accessing files with a multiple of the architectures page size leading to a denial of service...