K15894: Apache vulnerabilities CVE-2012-4557 and CVE-2012-0021

Security Advisory Description CVE-2012-4557 The modproxyajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service worker consumption via an...

Security Bulletin: Network Intrusion Prevention System is affected by multiple Apache web server vulnerabilities (CVE-2013-6438, CVE-2014-0098, CVE-2014-0226, CVE-2014-0231)

Summary Security vulnerabilities have been discovered in the Apache web server component bundled with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2013-6438 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modda...

Apache HTTP Server Multiple Vulnerabilities (Mar 2014) - Linux

Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Denial Of Service (DoS)

Red Hat JBoss Web Server is vulnerable to denial of service. A buffer over-read flaw was found in the httpd modlogconfig module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie...

Apache 2.4.x < 2.4.9 Multiple Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is a version prior to 2.4.9. It is, therefore, affected by the following vulnerabilities : - A flaw exists with the 'moddav' module that is caused when tracking the length of CDATA that has leading white space. A remo...

Security Bulletin: IBM Tealeaf Customer Experience is affected by a vulnerability in the Apache HTTP server, caused by an error in the mod_log_config module (CVE-2014-0098)

Summary Apache HTTP Server is vulnerable to a denial of service, caused by an error in the modlogconfig module. Vulnerability Details CVE-ID: CVE-2014-0098 DESCRIPTION: IBM Tealeaf Customer Experience’s PCA uses the Apache HTTP server to render its web console. Apache HTTP server is vulnerable to...

Amazon Linux: Security Advisory (ALAS-2014-331)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remot...

Oracle Solaris Third-Party Patch Update : apache (multiple_input_validation_vulnerabilities_in1)

The remote Solaris system is missing necessary patches to address security updates : - The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause ...

Amazon Linux AMI : httpd (ALAS-2014-331)

It was found that the moddav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the moddav module for example when using the moddavsvn module, a remote attacker could send a specially crafted DAV request that would...

IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacke...

RHEL 5 / 6 : JBoss EAP (RHSA-2014:0826)

Updated httpd packages that fix two security issues are now available for Red Hat JBoss Enterprise Application Platform 6.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2 httpd security update

An update for the Apache HTTP Server packages for Red Hat JBoss Enterprise Application Platform 6.2 that fixes two security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2 httpd security update

Updated httpd packages that fix two security issues are now available for Red Hat JBoss Enterprise Application Platform 6.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0783)

Updated httpd packages that fix two security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 httpd security and bug fix update

Updated httpd packages that fix two security issues and one bug are now available for Red Hat JBoss Web Server 2.0.1 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base...

Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 2.0.1 httpd security and bug fix update

An update for the Apache HTTP Server component of Red Hat JBoss Web Server 2.0.1 that fixes two security issues and one bug is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 5 and 6, Solaris, and Microsoft Windows. The Red Hat Security Response Team has rated this...

httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service segmentation fault and daemon crash via a crafted cookie that is not properly handled during truncation...

Medium: httpd

Issue Overview: It was found that the moddav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the moddav module for example when using the moddavsvn module, a remote attacker could send a specially crafted DAV reque...

CentOS Update for httpd CESA-2014:0369 centos5

Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2014:0369 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...