RHEL 3 : httpd (RHSA-2007:0533)

Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...

Apache HTTP Server Mod_Cache拒绝服务漏洞

Apache HTTP Server是一款开放源代码的WEB服务程序。 Apache HTTP Server包含的Modcache存在设计错误，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 如果Cache-Control头字段数据s-maxage, max-age, min-fresh, max-stale其中一个值不赋值，那么Modcache模块在解析的时候可导致应用程序崩溃，造成拒绝服务攻击。 RedHat Enterprise Linux Desktop Workstation v. 5 client RedHat Enterprise Linux Desktop v.5...

CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

DEBIAN-CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

CVE-2007-1863

cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...

CVE-2007-1863

CVE-2007-1863 affects the Apache HTTP Server, specifically the mod_cache module. When caching is enabled and using a threaded MPM, a crafted request containing one of the Cache-Control headers (s-maxage, max-age, min-fresh, or max-stale) without a value can crash the Apache child process, causing...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2007:0533 Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2007:0534 Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

RHEL 4 : httpd (RHSA-2007:0534)

Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...

CentOS 4 : httpd (CESA-2007:0534)

Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...

RHEL 5 : httpd (RHSA-2007:0556)

Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...

Moderate: httpd security update

2.0.46-67.ent.0.1 - index.html cleanup and logo removal 2.0.46-67.ent - rebuild 2.0.46-66.ent - modcache: follow upstream max-stale handling in CVE-2007-1863 fix 244662 2.0.46-65.ent - add security fixes for CVE-2007-1863 and CVE-2006-5752 244662 2.0.46-64.ent - fix ProxyErrorOverride to only...

CentOS 5 : httpd (CESA-2007:0556)

Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. The Apache HTTP Server did not...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the Apache HTTP...

Apache Httpd < 2.0.61 : mod_cache proxy DoS

A bug was found in the modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...

Apache Httpd < 2.2.6 : mod_cache proxy DoS

A bug was found in the modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. This could lead to a denial of service if using a threaded Multi-Processing Module...

Apache Httpd < 2.2.6 : mod_cache information leak

The recallheaders function in modmemcache in Apache 2.2.4 did not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information...