179 matches found
Apache Httpd < 2.4.10 : mod_status buffer overflow
A race condition was found in modstatus. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...
Apache HTTP Server多个拒绝服务漏洞
BUGTRAQ ID: 66303 CVE ID: CVE-2013-6438,CVE-2014-0098 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1在实现上存在安全漏洞,可被恶意利用造成拒绝服务。 1、记录截断cookie时,modlogconfig模块存在错误,可被利用造成工作线程崩溃。要成功利用此漏洞需要使用线程化MPM。 2、删除前导空格时,moddav模块存在边界错误,可被利用通过特制的DAV WRITE请求破坏内存。 0 Apache Gro...
Apache Httpd < 2.2.27 : mod_log_config crash
A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...
Apache Httpd < 2.4.9 : mod_log_config crash
A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...
Amazon Linux AMI : subversion (ALAS-2013-180)
A NULL pointer dereference flaw was found in the way the moddavsvn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. CVE-2013-1849 A flaw was found in the way the moddavsvn module handled large numbers...
mod_dav_svn, subversion security update
CentOS Errata and Security Advisory CESA-2013:0737 Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...
httpd: NULL pointer dereference crash in mod_log_config
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
[SECURITY] [DSA 2405-1] apache2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2405-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq -...
FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)
CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
CVE-2012-0021
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
CVE-2012-0021
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
CVE-2012-0021
The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...
Apache Httpd < 2.2.22 : mod_log_config crash
A flaw was found in modlogconfig. If the '%cookienameC' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...
[SECURITY] [DSA 2298-2] apache2 regression fix
------------------------------------------------------------------------- Debian Security Advisory DSA-2298-2 [email protected] http://www.debian.org/security/ Stefan Fritsch September 05, 2011 http://www.debian.org/security/faq -...
DSA-2298-1 apache2 - denial of service
Bulletin has no description...
Mandriva Linux Security Advisory : apache (MDVSA-2011:057)
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module apache-mpm-itk for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by...
Mandriva Update for apache MDVSA-2011:057 (apache)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2011-1176
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...
DEBIAN-CVE-2011-1176
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...
CVE-2011-1176
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...