Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-067-01)

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. modssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. modproxyajp: Respond with HTTPBADREQUEST when the body is not sent...

Apache mod_isapi Dangling Pointer

This module triggers a use-after-free vulnerability in the Apache Software Foundation modisapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target server must have an ISAPI module installed and configured. By making a request that terminates abnormally...

[slackware-security] httpd

New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. modssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. modproxyajp: Respond with HTTPBADREQUEST when the body is not sent...

Apache < 2.2.15 Multiple Vulnerabilities

Binary data 5356.prm...

Apache < 2.2.15 Multiple Vulnerabilities

According to its banner, the version of Apache 2.2 installed on the remote host is older than 2.2.15. Such versions are potentially affected by multiple vulnerabilities : - A TLS renegotiation prefix attack is possible. CVE-2009-3555 - The 'modproxyajp' module returns the wrong status code if it...

Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM

Apache 2.2.14 modisapi - Dangling Pointer Remote SYSTEM / Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description:...

Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit

No description provided by source. / Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description: pwn-isapi.cpp exploits a...

Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM

/ Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description: pwn-isapi.cpp exploits a dangling pointer vulnerabilty in...

Apache 2.2.14 mod_isapi Remote SYSTEM Exploit

/ Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit CVE-2010-0425 ------------------------------------------------------------------------------ Advisory: http://www.senseofsecurity.com.au/advisories/SOS-10-002 Description: pwn-isapi.cpp exploits a dangling pointer vulnerabilty in...

Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit

Exploit for unknown platform in category remote exploits ============================================================== Apache 2.2.14 modisapi Dangling Pointer Remote SYSTEM Exploit ============================================================== / Apache 2.2.14 modisapi Dangling Pointer Remote...

CVE-2010-0425

modules/arch/win32/modisapi.c in modisapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapiunload for an ISAPI .dll module, which allows remote attackers ...

CVE-2010-0425

CVE-2010-0425 affects Apache HTTP Server on Windows with ISAPI module mod_isapi (DLLs in 2.0.37–2.0.63, 2.2.0–2.2.14, and 2.3.x before 2.3.7). Root cause: mod_isapi may unload an ISAPI DLL before request processing finishes, causing memory corruption. Impact: remote code execution or denial of se...

Apache Httpd < 2.0.64 : mod_isapi module unload flaw

A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...

Apache Httpd < 2.2.15 : mod_isapi module unload flaw

A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...