Lucene search
K

179 matches found

Apache Httpd
Apache Httpd
added 2014/05/30 12:0 a.m.92 views

Apache Httpd < 2.4.10 : mod_status buffer overflow

A race condition was found in modstatus. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessibl...

6.8CVSS6.2AI score0.85744EPSS
Exploits4Affected Software1
seebug.org
seebug.org
added 2014/03/20 12:0 a.m.1054 views

Apache HTTP Server多个拒绝服务漏洞

BUGTRAQ ID: 66303 CVE ID: CVE-2013-6438,CVE-2014-0098 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1在实现上存在安全漏洞,可被恶意利用造成拒绝服务。 1、记录截断cookie时,modlogconfig模块存在错误,可被利用造成工作线程崩溃。要成功利用此漏洞需要使用线程化MPM。 2、删除前导空格时,moddav模块存在边界错误,可被利用通过特制的DAV WRITE请求破坏内存。 0 Apache Gro...

5CVSS8.3AI score0.26831EPSS
Exploits2
Apache Httpd
Apache Httpd
added 2014/02/25 12:0 a.m.73 views

Apache Httpd < 2.2.27 : mod_log_config crash

A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

5CVSS7.2AI score0.25999EPSS
Exploits2Affected Software1
Apache Httpd
Apache Httpd
added 2014/02/25 12:0 a.m.102 views

Apache Httpd < 2.4.9 : mod_log_config crash

A flaw was found in modlogconfig. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

5CVSS7.2AI score0.25999EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.37 views

Amazon Linux AMI : subversion (ALAS-2013-180)

A NULL pointer dereference flaw was found in the way the moddavsvn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. CVE-2013-1849 A flaw was found in the way the moddavsvn module handled large numbers...

5CVSS7.7AI score0.51442EPSS
Exploits0References5
Cent OS
Cent OS
added 2013/04/11 8:31 p.m.73 views

mod_dav_svn, subversion security update

CentOS Errata and Security Advisory CESA-2013:0737 Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...

5CVSS7.3AI score0.51442EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2012/05/07 6:16 p.m.6 views

httpd: NULL pointer dereference crash in mod_log_config

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...

2.6CVSS7.3AI score0.30809EPSS
Exploits0References4
Debian
Debian
added 2012/02/06 9:6 a.m.81 views

[SECURITY] [DSA 2405-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2405-1 [email protected] http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq -...

5CVSS10AI score0.90734EPSS
Exploits24
Tenable Nessus
Tenable Nessus
added 2012/02/02 12:0 a.m.55 views

FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)

CVE MITRE reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

5CVSS8.1AI score0.90734EPSS
Exploits23References7
NVD
NVD
added 2012/01/28 4:5 a.m.15 views

CVE-2012-0021

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...

2.6CVSS6.2AI score0.30809EPSS
Exploits0References28
Debian CVE
Debian CVE
added 2012/01/28 2:0 a.m.32 views

CVE-2012-0021

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...

2.6CVSS8.2AI score0.30809EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2012/01/27 12:0 a.m.40 views

CVE-2012-0021

The logcookie function in modlogconfig.c in the modlogconfig module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %C format string, which allows remote attackers to cause a denial of service daemon crash via a cookie that lacks both a nam...

2.6CVSS7.1AI score0.30809EPSS
Exploits0References3
Apache Httpd
Apache Httpd
added 2011/12/30 12:0 a.m.46 views

Apache Httpd < 2.2.22 : mod_log_config crash

A flaw was found in modlogconfig. If the '%cookienameC' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...

2.6CVSS1AI score0.30809EPSS
Exploits0Affected Software1
Debian
Debian
added 2011/09/05 7:20 p.m.78 views

[SECURITY] [DSA 2298-2] apache2 regression fix

------------------------------------------------------------------------- Debian Security Advisory DSA-2298-2 [email protected] http://www.debian.org/security/ Stefan Fritsch September 05, 2011 http://www.debian.org/security/faq -...

7.8CVSS7.8AI score0.98945EPSS
Exploits17
OSV
OSV
added 2011/08/29 12:0 a.m.52 views

DSA-2298-1 apache2 - denial of service

Bulletin has no description...

7.8CVSS6.1AI score0.98945EPSS
Exploits17
Tenable Nessus
Tenable Nessus
added 2011/04/01 12:0 a.m.34 views

Mandriva Linux Security Advisory : apache (MDVSA-2011:057)

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module apache-mpm-itk for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by...

4.3CVSS7.7AI score0.02721EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2011/04/01 12:0 a.m.30 views

Mandriva Update for apache MDVSA-2011:057 (apache)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS7.4AI score0.02721EPSS
Exploits0References3
NVD
NVD
added 2011/03/29 6:55 p.m.18 views

CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...

4.3CVSS6.7AI score0.02721EPSS
Exploits0References12
OSV
OSV
added 2011/03/29 6:55 p.m.1 views

DEBIAN-CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...

4.3CVSS9.3AI score0.02721EPSS
Exploits0References1
OSV
OSV
added 2011/03/29 6:55 p.m.7 views

CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...

6.7AI score
Exploits0References17
Rows per page
Query Builder