CVE-2008-2364

The CVE-2008-2364 entry concerns the Apache HTTP Server mod_proxy, specifically the ap_proxy_http_process_response function in the mod_proxy_http.c file for Apache versions 2.0.63 and 2.2.8. The issue is that it does not cap the number of forwarded interim responses, which can lead to memory exha...

CVE-2008-2364

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS)

According to its banner, the version of Apache 1.3.x running on the remote host is prior to 1.3.41. It is, therefore, affected by multiple vulnerabilities : - A denial of service issue in modproxy when parsing date-related headers. CVE-2007-3847 - A cross-site scripting issue involving modimap...

Debian Security Advisory DSA 525-1 (apache)

The remote host is missing an update to apache announced via advisory DSA 525-1. OpenVAS Vulnerability Test $Id: deb5251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 525-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 525-1 (apache)

The remote host is missing an update to apache announced via advisory DSA 525-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0005 Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a...

Moderate: Red Hat Security Advisory: httpd security update

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

RHEL 3 : httpd (RHSA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

CentOS 3 : httpd (CESA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the modimap...

Mandrake Linux Security Advisory : apache (MDKSA-2007:235)

A flaw in the Apache modproxy module was found that could potentially lead to a denial of service is using a threaded Multi-Processing Module. On sites where a reverse proxy is configured, a remote attacker could send a special reequest that would cause the Apache child process handling the reque...

httpd security, bug fix, and enhancement update

2.0.52-38.ent.0.1 - use oracle index page oracleindex.html - updated string and distro in specfile 2.0.52-38.ent - fix server version string 236419 2.0.52-37.ent - add security fix for CVE-2007-3847 250760 2.0.52-36.ent - add modversion, load in default httpd.conf 248696 2.0.52-35.ent - add...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2007:0747 Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache...

openSUSE 10 Security Update : apache2 (apache2-4666)

Several bugs were fixed in the Apache2 webserver : These include the following security issues : - CVE-2006-5752: modstatus: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863:...

httpd security, bug fix, and enhancement update

2.2.3-11.el5.0.1 - use oracle index page oracleindex.html, update vstring and distro 2.2.3-11.el5 - mark httpd.conf confignoreplace 247881 2.2.3-10.el5 - add security fix for CVE-2007-3847 250761 2.2.3-9.el5 - load modversion by default 247881 2.2.3-8.el5 - add 'ServerTokens Full-Release' config...

RHEL 4 : httpd (RHSA-2007:0747)

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

GLSA-200711-06 : Apache: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200711-06 Apache: Multiple vulnerabilities Multiple cross-site scripting vulnerabilities have been discovered in modstatus and modautoindex CVE-2006-5752, CVE-2007-4465. An error has been discovered in the recallheaders function i...

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix a security issue, fix various bugs, and add enhancements, are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available...

Apache: Multiple vulnerabilities

Background The Apache HTTP server is one of the most popular web servers on the Internet. Description Multiple cross-site scripting vulnerabilities have been discovered in modstatus and modautoindex CVE-2006-5752, CVE-2007-4465. An error has been discovered in the recallheaders function in...

Fedora 7 : httpd-2.2.6-1.fc7 (2007-2214)

This update includes the latest stable release of the Apache HTTP Server. A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that...