119 matches found
Path traversal
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path...
CVE-2010-1452
CVE-2010-1452 affects Apache HTTP Server 2.2.x (before 2.2.16) via the mod_cache and mod_dav components. A request that lacks a path can crash the server, causing a denial of service. Debian advisories and related vendor notes confirm the issue and describe fixes/upgrades to 2.2.16 (and subsequen...
CVE-2010-1452
The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path...
FreeBSD : apache -- Remote DoS bug in mod_cache and mod_dav (28a7310f-9855-11df-8d36-001aa0166822)
Apache ChangeLog reports: mod_dav, mod_cache: Fix Handling of requests without a path segment. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques Vidrine and...
apache -- Remote DoS bug in mod_cache and mod_dav
Apache ChangeLog reports: mod_dav, mod_cache: Fix Handling of requests without a path segment...
Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Mandriva Security Advisory MDVSA-2009:323 (apache)
The remote host is missing an update to apache announced via advisory MDVSA-2009:323. OpenVAS Vulnerability Test $Id: mdksa2009323.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:323 (apache). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft In...
SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)
This update of the Apache webserver fixes various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195). - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890). - mod_deflate continued to compress large files even after a network...
Apache HTTP Server mod_cache Module Denial of Service (CVE-2007-1863)
Apache is a popular web server available for a wide variety of operating systems. The mod_cache module is one of the official plug-in modules for Apache. A denial of service vulnerability was reported in the mod_cache module of the Apache HTTP Server. An attacker may exploit this vulnerability to...
openSUSE 10 Security Update : apache2 (apache2-4666)
Several bugs were fixed in the Apache2 webserver. These include the following security issues: - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863:...
GLSA-200711-06 : Apache: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200711-06 (Apache: Multiple vulnerabilities). Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function i...
Apache: Multiple vulnerabilities
Background: The Apache HTTP server is one of the most popular web servers on the Internet. Description: Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in...
Fedora 7 : httpd-2.2.4-4.1.fc7 (2007-0704)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
Apache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities: - A denial of service vulnerability in mod_proxy. - A cross-site scripting vulnerability in mod_status. - A local denial of service...
USN-499-1: Apache vulnerabilities
Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to...
Fedora Core 6 : httpd-2.2.4-2.1.fc6 (2007-615)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
Mandrake Linux Security Advisory : apache (MDKSA-2007:140)
A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled (CVE-2006-5752). A vulnerability was found in the Apache mod_cache module that could cause...
Fedora Core 5 : httpd-2.2.2-1.3 (2007-617)
The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated which could lead to a denial of...
CentOS 3 : httpd (CESA-2007:0533)
Updated Apache httpd packages that correct two security issues and two bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in th...