apache: multiple issues

CVE-2015-0228 denial of service: modlua: A maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash. - CVE-2015-0253 denial of service: Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:0974-1)

Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed : - modheaders rules could be bypassed via chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior. bsc871310, CVE-2013-5704 - An empty value in Content-Type cou...

Apache HTTP Server 'mod_lua' Denial of Service Vulnerability (May 2015)

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache HTTP Server 'mod_lua' Denial of Service Vulnerability -01 (May 2015)

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache multiple security vulnerabilities

modheaders restrictions bypass, modcache DoS, modlua restrictions bypass and DoS, modproxyfcgi DoS, modgnutls restrictions bypass...

Mandriva Linux Security Advisory : apache (MDVSA-2015:093)

Updated apache packages fix security vulnerabilities : Apache HTTPD before 2.4.9 was vulnerable to a denial of service in moddav when handling DAVWRITE requests CVE-2013-6438. Apache HTTPD before 2.4.9 was vulnerable to a denial of service when logging cookies CVE-2014-0098. A race condition flaw...

Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

[USN-2523-1] Apache HTTP Server vulnerabilities

========================================================================== Ubuntu Security Notice USN-2523-1 March 10, 2015 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2523-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2523-1 advisory. Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker coul...

Ubuntu: Security Advisory (USN-2523-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2523-1: Apache HTTP Server vulnerabilities

Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...

Code injection

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

DEBIAN-CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...

CVE-2015-0228

Apache HTTP Server mod_lua contains a Denial of Service vulnerability in lua_websocket_read (lua_request.c) affecting versions up to 2.4.12. A remote attacker can crash a child process by sending a crafted WebSocket Ping frame after a Lua script has invoked wsupgrade. The provided documents confi...

Updated apache packages fix CVE-2015-0228

Updated apache packages fix security vulnerability: In the modlua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash CVE-2015-0228...

MGASA-2015-0099 Updated apache packages fix CVE-2015-0228

Updated apache packages fix security vulnerability: In the modlua module in the Apache HTTP Server through 2.4.10, a maliciously crafted websockets PING after a script calls r:wsupgrade can cause a child process crash CVE-2015-0228...

Fedora 20 : httpd-2.4.10-2.fc20 (2014-17153)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

CVE-2015-0228

The luawebsocketread function in luarequest.c in the modlua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service child-process crash by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function...