EUVD-2014-3559

Malicious code in bioql PyPI...

RHSA-2015:1855 Red Hat Security Advisory: mod_proxy_fcgi security update

Bulletin has no description...

K16847: Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583

Security Advisory Description Description CVE-2014-8109 modlua.c in the modlua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which...

Apache 2.4.x < 2.4.12 Multiple Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.12. It is, therefore, affected by the following vulnerabilities : - A flaw exists in module modheaders that can allow HTTP trailers to replace HTTP headers late during request processing, which a remot...

httpd24-httpd security and bug fix update

2.4.6-22.0.1.el6 - remove enable-tlsv1x-thunks to fit openssl 1.x api - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.4.6-22 - Remove modproxyfcgi fix for heap-based buffer overflow, httpd-2.4.6 is not affected CVE-2014-3583 2.4.6-21 - modproxywstunne...

RHEL 6 : mod_proxy_fcgi (RHSA-2015:1855)

An updated modproxyfcgi package that fixes one security issue is now available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

httpd: mod_proxy_fcgi handle_headers() buffer over read

A buffer overflow flaw was found in modproxyfcgi's handleheaders function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash...

Low: Red Hat Security Advisory: mod_proxy_fcgi security update

An updated modproxyfcgi package that fixes one security issue is now available for Red Hat Ceph Storage 1.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Amazon Linux: Security Advisory (ALAS-2015-483)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache HTTP Server 'mod_proxy_fcgi' Denial of Service Vulnerability (May 2015)

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apache multiple security vulnerabilities

modheaders restrictions bypass, modcache DoS, modlua restrictions bypass and DoS, modproxyfcgi DoS, modgnutls restrictions bypass...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20150305)

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

CentOS 7 : httpd (CESA-2015:0325)

Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2015:0325 Updated httpd packages that fix two security issues, several bugs, and add various enhancements are for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System...

Fedora 21 : httpd-2.4.10-15.fc21 (2014-17195)

core: fix bypassing of modheaders rules via chunked requests CVE-2013-5704 - modcache: fix NULL pointer dereference on empty Content-Type CVE-2014-3581 - modproxyfcgi: fix a potential crash with long headers CVE-2014-3583 - modlua: fix handling of the Require line when a LuaAuthzProvider is used...

[USN-2523-1] Apache HTTP Server vulnerabilities

========================================================================== Ubuntu Security Notice USN-2523-1 March 10, 2015 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2523-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2523-1 advisory. Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker coul...

httpd security, bug fix, and enhancement update

2.4.6-31.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-31 - modproxyfcgi: determine if FCGICONNCLOSE should be enabled instead of hardcoding it 1168050 - modproxy: support Unix Domain Sockets 1168081 2.4.6-30 - core: fix bypassing of modheaders rules via chunked request...

Ubuntu: Security Advisory (USN-2523-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2523-1: Apache HTTP Server vulnerabilities

Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...