USN-2299-1 apache2 vulnerabilities

Marek Kroemeke discovered that the modproxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2014-0117 Giancarlo Pellegrino and Davide Balzarot...

httpd: mod_proxy denial of service

A denial of service flaw was found in the modproxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules MPM that would cause the httpd child process to crash...

DEBIAN-CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

DEBIAN-CVE-2013-2070

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

CVE-2013-2070

http/modules/ngxhttpproxymodule.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxypass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service crash and obtain sensitive information from worker process memory via a crafted proxy response, a simila...

Drupal Stage File Proxy模块拒绝服务漏洞

Bugtraq ID:61080 Drupal是使用PHP语言编写的开源内容管理框架，它由内容管理系统和PHP开发框架共同构成 Drupal Stage File Proxy模块存在一个拒绝服务漏洞，允许攻击者长时间重复向服务器提交多次请求，会降低所有文件操作的性能，也可能使得某些文件操作不能使用，造成拒绝服务攻击 0 Drupal Stage File Proxy 7.x-1.x 厂商解决方案 Drupal Stage File Proxy 7.x-1.4已经修复此漏洞，建议用户下载更新： http://drupal.org/project/stagefileproxy...

httpd: reverse web proxy vulnerability

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities

According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.36. It is, therefore, affected by the following vulnerabilities : - Requests containing multiple 'content-length' headers are not rejected as invalid. This error can allow...

httpd: Reverse proxy sends wrong responses after time-outs

modproxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in...

httpd: mod_proxy_http DoS via excessive interim responses from the origin server

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

PT-2010-4294 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...

httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply

The approxyftphandler function in modules/proxy/proxyftp.c in the modproxyftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service NULL pointer dereference and child process crash via a malformed reply to an EPSV command...

httpd: mod_proxy reverse proxy DoS (infinite loop)

The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service C...

CVE-2009-1890

The streamreqbodycl function in modproxyhttp.c in the modproxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service C...

httpd: mod_proxy_http DoS via excessive interim responses from the origin server

A flaw was found in the modproxy module. An attacker who has control of a web server to which requests are being proxied could cause a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364...

httpd: mod_proxy_http DoS via excessive interim responses from the origin server

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

openSUSE 10 Security Update : apache2 (apache2-5126)

This update fixes multiple bugs in apache : - cross site scripting problem in modimap CVE-2007-5000 - cross site scripting problem in modstatus CVE-2007-6388 - cross site scripting problem in the ftp proxy module CVE-2008-0005 - cross site scripting problem in the error page for status code 413...

SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5128)

This update fixes multiple bugs in apache : - cross-site scripting problem in modimap. CVE-2007-5000 - cross-site scripting problem in modstatus. CVE-2007-6388 - cross-site scripting problem in the ftp proxy module. CVE-2008-0005 - cross-site scripting problem in the error page for status code 41...

httpd: out of bounds read

The date handling code in modules/proxy/proxyutil.c modproxy in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service caching forward proxy process crash via crafted date headers that trigger a buffer over-read...

PT-2005-3030 · Apache +2 · Apache Http Server +2

Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33 Apache HTTP server versions 2.0.x through 2.0.54 Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a...