FreeBSD : apache -- heap overflow in mod_proxy (10)

The following package needs to be updated: apache13+ipv6 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgca6c8f350a5f11d9ad6f00061bc2ad93.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

GLSA-200406-16 : Apache 1.3: Buffer overflow in mod_proxy

The remote host is affected by the vulnerability described in GLSA-200406-16 Apache 1.3: Buffer overflow in modproxy A bug in the proxyutil.c file may lead to a remote buffer overflow. To trigger the vulnerability an attacker would have to get modproxy to connect to a malicous server which return...

CVE-2004-0492

Heap-based buffer overflow in proxyutil.c for modproxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service process crash and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied...

mod_ssl: Format string vulnerability

Background modssl provides Secure Sockets Layer encryption and authentication to Apache 1.3. Description A bug in sslengineext.c makes modssl vulnerable to a ssllog related format string vulnerability in the modproxy hook functions. Impact Given the right server configuration, an attacker could...

CVE-2004-0700

CVE-2004-0700 describes a format-string vulnerability in the mod_ssl component (ssl_engine_log.c) of Apache’s mod_ssl. Affects Apache before 1.3.31 with mod_ssl up to version 2.8.19; remote attackers could use format specifiers in HTTPS log messages processed by ssl_log to potentially execute arb...

RHEL 3 : httpd (RHSA-2004:084)

Updated httpd packages are now available that fix a denial of service vulnerability in modssl and include various other bug fixes. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A memory leak in modssl in the Apache HTTP Server prior to version...

[SECURITY] [DSA 525-1] New apache packages fix buffer overflow in mod_proxy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 525-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 24th, 2004 http://www.debian.org/security/faq -...

Apache mod_proxy buffer overflow

No description provided...

DSA-525 apache - buffer overflow

Bulletin has no description...

CVE-2004-0492

Apache mod_proxy vulnerability CVE-2004-0492 is a heap-based overflow in proxy_util.c affecting Apache 1.3.25–1.3.31. A remote attacker can trigger a denial of service (process crash) and possibly execute arbitrary code by sending a negative Content-Length header, causing excessive data copy. The...

Apache 1.3: Buffer overflow in mod_proxy

Background The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides services in tune with the current HTTP standards. Description A bu...

Moderate: Red Hat Security Advisory: apache, mod_ssl security update

Updated httpd and modssl packages that fix minor security issues in the Apache Web server are now available for Red Hat Enterprise Linux 2.1. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. A buffer overflow was found in the Apache proxy module,...

apache -- heap overflow in mod_proxy

A buffer overflow exists in modproxy which may allow an attacker to launch local DoS attacks and possibly execute arbitrary code...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages are now available that fix a denial of service vulnerability in modssl and include various other bug fixes. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A memory leak in modssl in the Apache HTTP Server prior to version...

Low: Red Hat Security Advisory: apache security update for Stronghold

Updated Apache packages are available which fix a security issue by preventing control characters from being written to the error log. The updated packages also include a minor bug fix for modproxy. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. T...

Apache 2.x APR Exploit Code

I had planned to write this tool in C for the sake of using native functionality like crypt3 to support digest authentication. I'd also planned to support intermediate proxies, but a determined user can implement this via various tunneling applications with minimal complications, and I don't need...

Apache Httpd < 1.3.32 : mod_proxy buffer overflow

A buffer overflow was found in the Apache proxy module, modproxy, which can be triggered by receiving an invalid Content-Length header. In order to exploit this issue an attacker would need to get an Apache installation that was configured as a proxy to connect to a malicious site. This would cau...

Important: Red Hat Security Advisory: apache, openssl, php, tomcat security update for Stronghold

Updated versions of Stronghold 4 cross-platform are available to fix a number of vulnerabilities in OpenSSL, Apache, PHP, and Tomcat. Also included in this update are bug fixes for modproxy and the modauthzldap package. Stronghold 4 cross platform contains a number of open source technologies suc...

CVE-1999-1293

CVE-1999-1293 concerns Apache’s mod_proxy in version 1.2.5 and earlier. The vulnerability allows remote attackers to trigger a denial of service by sending malformed FTP commands, which causes Apache to dump core. The available public description states the impact as a complete denial of service ...