CVE-2014-0117

The vulnerability CVE-2014-0117 affects the Apache HTTP Server, specifically the mod_proxy behavior in the 2.4.x line prior to 2.4.10. When a reverse proxy is enabled, a remote attacker can craft an HTTP Connection header to trigger a denial of service (child process crash). This is documented ac...

CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

Apache HTTP Server mod_proxy Denial Of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the modproxy module. The issue lies in the processing of HTTP headers...

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: modproxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy with a threaded MPM. Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. moddeflate: The DEFLATE input filter...

openSUSE Security Update : apache2 (openSUSE-SU-2011:1217-1)

This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...

openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)

This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a modproxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in appregsub function resulting in a heap based...

openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1)

This update fixes several security issues in the Apache2 webserver. CVE-2011-3368, CVE-2011-4317: This update also includes several fixes for a modproxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3607: Integer overflow in appregsub function resulting in a heap based...

Apache Httpd < 2.4.10 : mod_proxy denial of service

A flaw was found in modproxy in httpd versions 2.4.6 to 2.4.9. A remote attacker could send a carefully crafted request to a server configured as a reverse proxy, and cause the child process to crash. This could lead to a denial of service against a threaded MPM...

Amazon Linux AMI : httpd (ALAS-2011-09)

The MITRE CVE database describes these CVEs as : The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

Oracle Linux 5 : httpd (ELSA-2013-0130)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0130 advisory. - add security fix for CVE-2008-0456 - add security fix for CVE-2012-2687 850794 Tenable has extracted the preceding description block directly from th...

Oracle Linux 3 : httpd (ELSA-2008-0005)

From Red Hat Security Advisory 2008:0005 : Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web...

CentOS 4 : httpd (CESA-2007:0747)

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

CentOS 5 : httpd (CESA-2010:0659)

Updated httpd packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

RedHat Update for httpd RHSA-2013:0512-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Slackware Advisory SSA:2004-207-02 new mod_ssl packages

The remote host is missing an update as announced via advisory SSA:2004-207-02. OpenVAS Vulnerability Test $Id: esoftslkssa200420702.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the modproxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364 A flaw was found in the modproxyftp Apache module. If Apache was...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certa...

Scientific Linux Security Update : httpd on SL5.x

Problem description : A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is...

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar...