Moderate: Red Hat Security Advisory: httpd security update
Updated httpd packages that fix two security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the...
Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)
This update includes the latest release of httpd, fixing two security issues. A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. O...
Apache 2.2.x < 2.2.6 Multiple Vulnerabilities (DoS, XSS, Info Disc)
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.6. It is, therefore, affected by the following vulnerabilities: - A denial of service vulnerability in mod_proxy. - A cross-site scripting vulnerability in mod_status. - A local denial of service...
Apache mod_proxy denial of service
Buffer over-read on server response parsing...
apache mod_proxy brief analysis-vulnerability warning-the black bar safety net
These days to be continuous training for 5 days, in the afternoon at the venue quickly stuffy dead. Okay see mod_proxy vulnerability announcement, just download the apache code and looked, and spent long listening to people crap time. Generally the process is as follows: First look at the...
CVE-2007-3847
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read...
EUVD-2007-3831
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read...
CVE-2007-3847
CVE-2007-3847 affects Apache httpd 2.3.x (mod_proxy) where the date handling in modules/proxy/proxy_util.c under a threaded MPM can be triggered by crafted date headers, causing a buffer over-read and remote denial of service (caching forward proxy process crash). The linked advisories indicate t...
SOL5534 - Apache mod_proxy message format vulnerability - CAN-2004-0700
Vulnerability description: Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled...
SOL3279 - Heap-based buffer overflow in mod_proxy - CAN-2004-0492
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code by way of a negative Content-Length HTTP header field, which causes a large amount of data to be copied...
CVE-2007-0450
CVE-2007-0450 is a directory traversal vulnerability affecting Apache Tomcat (and Tomcat behind certain Apache proxies) where a crafted URI containing a dot-dot sequence and mixed separators (/, \, and %5C) can cause unauthorized disclosure of arbitrary files. Affected products/versions include To...
Apache Httpd < 2.0.61 : mod_proxy crash
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
Apache Httpd < 2.2.6 : mod_proxy crash
A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...
Apache HTTP Server 'mod_proxy' Content-length Buffer Overflow Vulnerabilities
The remote web server appears to be running a version of Apache HTTP Server that is older than version 1.3.32. This version is vulnerable to a heap based buffer overflow in proxy_util.c for mod_proxy. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a...
Apache mod_proxy content-length buffer overflow
The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is vulnerable to a heap based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary code on the...
ELOG 2.5.6 - Remote Shell
/ Worked on latest version for me http://midas.psi.ch/elog/download/tar/elog-latest.tar.gz elog-latest.tar.gz 26-Jan-2005 21:36 519K Default port 8080. str0ke / / Hi there, someone has brought to u a gift. ELOG Remote Shell Exploit = 2.5.6 Also for future Versions Updated On 18/April/2004 LOCK YO...
Apache mod_proxy Content-Length Overflow
The remote web server appears to be running a version of Apache that is older than version 1.3.32. This version is reportedly vulnerable to a heap-based buffer overflow in proxy_util.c for mod_proxy. This issue may lead remote attackers to cause a denial of service and possibly execute arbitrary co...
Apache HTTP Server contains a buffer overflow in the mod_proxy module
Overview: Apache Web Server contains a buffer overflow vulnerability in the mod_proxy module that may allow a remote attacker to execute arbitrary code or launch a denial of service (DoS) attack. Description: The Apache Server is an open-source web server offered by The Apache Software Foundation. The...
Apache mod_ssl format string bug
Format string bug if mod_ssl is used in conjunction with mod_proxy for SSL proxying https://foos.example.com/...
Debian DSA-525-1 : apache - buffer overflow
Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy module, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process (by default, user www-data). Note that this bug is only exploitable if the mod_proxy module i...