Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A denial of service flaw was found in the Apache modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. CVE-2009-1890 A denial of service flaw was found in the Apache moddeflate module. This module...

SuSE9 Security Update : Apache (YOU Patch Number 12609)

Specially crafted requests could lead to an integer overflow in modproxy. Attackers could exploit that to crash Apache or potentially cause execution of arbitrary code. CVE-2010-0010 The problem only affects 64bit architectures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text...

Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)

A security bypass vulnerability has been reported in Apache HTTP Server...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1)

It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. CVE-2011-3607 Prutha Parikh discovered that the modproxy module did not properly intera...

USN-1368-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. CVE-2011-3607 Prutha Parikh discovered that the modproxy module did not properly intera...

Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure

The version of Apache HTTP Server running on the remote host has an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This could allow a remote...

Apache HTTP Server "mod_proxy"反向代理安全限制绕过漏洞

BUGTRAQ ID: 51869 CVE ID: CVE-2011-3639 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器，可以在大多数计算机操作系统中运行。 Apache HTTP Server 2.0.x至2.0.64版本及2.2.18之前的2.2.x版本中的modproxy模块在安装了Revision 1179239补丁时，没有正确使用RewriteRule和ProxyPassMatch模式，以匹配反向代理的配置，这会允许远程攻击者通过HTTP/0.9协议发送畸形请求到内部服务器，导致绕过某些安全限制，获取敏感信息。 0 Apache...

Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass

Apache 2.2.15 modproxy - Reverse Proxy Security Bypass source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about runni...

Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass

source: https://www.securityfocus.com/bid/51869/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. RewriteRule ^...

FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

Mandriva Update for apache MDVSA-2012:003 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2012:003 apache Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Mandriva Update for apache MDVSA-2012:003 (apache)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Apache mod_proxy unauthorized internal network access

Invalid processing for URI with preceeding @ sign...

Mandriva Linux Security Advisory : apache (MDVSA-2012:003)

Multiple vulnerabilities has been found and corrected in apache : Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file...

SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7882)

This update fixes several security issues in the Apache2 webserver. - This update also includes several fixes for a modproxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3639 / CVE-2011-3368 / CVE-2011-4317 - Fixed the SSL renegotiation DoS by disabling renegotiation by...

SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5482)

This update fixes several security issues in the Apache2 webserver. - This update also includes several fixes for a modproxy reverse exposure via RewriteRule or ProxyPassMatch directives. CVE-2011-3639 / CVE-2011-3368 / CVE-2011-4317 - Fixed the SSL renegotiation DoS by disabling renegotiation by...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

DEBIAN-CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...