Apache mod_proxy模块HTTP分块编码整数溢出漏洞

BUGTRAQ ID: 37966 CVECAN ID: CVE-2010-0010 Apache HTTP Server是一款流行的Web服务器。 Apache服务器的modproxy模块在执行字符类型转换时存在最终可导致堆溢出的整数溢出漏洞。以下是有漏洞的代码段： "./src/modules/proxy/proxyutil.c" long int approxysendfbBUFF f, requestrec r, cachereq c, offt len, int nowrite, int chunked, sizet recvbuffersize ... sizet...

Important: Red Hat Security Advisory: httpd22 security update

Updated httpd22 packages that fix multiple security issues are now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server...

CVE-2008-2364

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

Design/Logic Flaw

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

CVE-2008-2364

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

CVE-2007-3847

The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...

Apache HTTP Server contains a buffer overflow in the mod_proxy module

Overview Apache Web Server contains a buffer overflow vulnerability in the modproxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service DoS attack. Description The Apache Server is an open-source web server offered by The Apache Software Foundation. The...

[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 525-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 24th, 2004 http://www.debian.org/security/faq -...