23 matches found
K16908: Apache HTTPD vulnerability CVE-2011-4415
Security Advisory Description The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of servi...
SUSE CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
Apache HTTP Server Multiple Vulnerabilities (Jan 2012) - Linux
Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Vulnerability
Exploit for linux platform in category dos / poc Source: http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ Background The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, Microsoft Windows, Mac OS/X and Netware. The goal of this...
SOL16907 - Apache HTTPD vulnerability CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
Apache HTTP Server 'ap_pregsub()'function local denial of service vulnerability-vulnerability warning-the black bar safety net
Affected system: Apache Group The Apache 2.2. x Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 5 0 6 3 9 CVE ID: CVE-2 0 1 1-4 4 1 5 Apache HTTP Server is the Apache Software Foundation an open source web server, you can In most...
Apache HTTP Server 'ap_pregsub()'函数本地拒绝服务漏洞(CVE-2011-4415)
BUGTRAQ ID: 50639 CVE ID: CVE-2011-4415 Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器,可以在大多数计算机操作系统中运行。 Apache HTTP Server 2.0.x至2.0.64及2.2.x至2.2.21内server/util.c中的appregsub函数,在启用了modsetenvif模块后,没有限制环境变量的值大小,通过带有特制SetEnvIf指令的.htaccess文件和HTTP请求标头,导致拒绝服务(内存破坏或空指针引用)。 0 Apache 2.2.x 厂商补丁: Apache Group...
httpd: ap_pregsub Integer overflow to buffer overflow
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)
CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
Mandriva Linux Security Advisory : apache (MDVSA-2012:003)
Multiple vulnerabilities has been found and corrected in apache : Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file...
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
CVE-2011-4415
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
Integer overflow
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
Null pointer dereference
The appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service memory consumption or NULL...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-4415
The CVE-2011-4415 issue affects the Apache HTTP Server (2.0.x up to 2.0.64 and 2.2.x up to 2.2.21) when mod_setenvif is enabled. The root cause is an integer overflow in ap_pregsub during environment variable handling (SetEnvIf), with a crafted .htaccess and HTTP header causing memory exhaustion ...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...
CVE-2011-3607
Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...