7 matches found
Apache 2.4.x < 2.4.12 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.12. It is, therefore, affected by the following vulnerabilities : - A flaw exists in module modheaders that can allow HTTP trailers to replace HTTP headers late during request processing, which a remot...
SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)
Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed : - modheaders rules could be bypassed via chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior. bsc871310, CVE-2013-5704 - An empty value in Content-Type cou...
Apache HTTP Server 'mod_lua' Denial of Service Vulnerability (May 2015)
Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SUSE-SU-2015:0974-1 Security update for apache2
Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed: - modheaders rules could be bypassed via chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior. bsc871310, CVE-2013-5704 - An empty value in Content-Type coul...
Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)
core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...
openSUSE Security Update : apache2 (openSUSE-SU-2014:1726-1)
Apache2 was updated to fix bugs and security issues. Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way modheaders handled chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior bnc871310, CVE-2014-8109: Fixes handling of the Require line when a...
Apache Httpd < 2.4.12 : mod_lua multiple "Require" directive handling is broken
Fix handling of the Require line in modlua when a LuaAuthzProvider is used in multiple Require directives with different arguments. This could lead to different authentication rules than expected...