EUVD-2014-3557
Malware in sbrugna...
Oracle Linux 6 : httpd24-httpd (ELSA-2014-1972)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1972 advisory. - Remove mod_proxy_fcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected (CVE-2014-3583) - core: fix bypassing of mod_headers rules via chunk...
K28508558: Apache mod_cache vulnerability CVE-2013-4352
Security Advisory Description The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors...
SUSE CVE-2013-4352
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostna...
SUSE CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header...
K16847: Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
Security Advisory Description Description CVE-2014-8109 mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which...
Apache HTTP Server DoS Vulnerability (Sep 2014) - Linux
Apache HTTP Server is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS). The vulnerability exists as a bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a...
Denial Of Service
The httpd package is susceptible to a denial of service. The vulnerability is possible due to a NULL pointer dereference flaw in the mod_cache httpd module. A malicious HTTP server causes the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching...
Apache 2.4.x < 2.4.12 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.12. It is, therefore, affected by the following vulnerabilities: - A flaw exists in module mod_headers that can allow HTTP trailers to replace HTTP headers late during request processing, which a remot...
Scientific Linux Security Update : httpd on SL7.x x86_64 (20160718) (httpoxy)
Security Fixes: - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A...
RHEL 7 : httpd (RHSA-2016:1422) (httpoxy)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
CentOS 7 : httpd (CESA-2016:1422) (httpoxy)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: httpd security and bug fix update
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2016:1422 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
httpd security and bug fix update
2.4.6-40.0.1.4 - replace index.html with Oracle's index page oracle_index.html 2.4.6-40.4 - add security fix for CVE-2016-5387 2.4.6-40.3 - add 451 Unavailable For Legal Reasons response status-code 1353269 2.4.6-40.2 - mod_cache: treat cache as valid with changed Expires in 304 1347648...
httpd24-httpd security and bug fix update
2.4.6-22.0.1.el6 - remove enable-tlsv1x-thunks to fit openssl 1.x api - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile 2.4.6-22 - Remove mod_proxy_fcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected (CVE-2014-3583) 2.4.6-21 - mod_proxy_wstunne...
Amazon Linux: Security Advisory (ALAS-2015-483)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...