[SECURITY] Fedora 18 Update: nginx-1.2.7-2.fc18

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

Security release: Symfony 2.0.19 and 2.1.4

I've just released Symfony 2.0.19 and 2.1.4. Both releases contain a security fix. Damien Tournoud, from the Drupal security team, contacted us two days ago about a security issue in the Request::getClientIp method when the trust proxy mode is enabled Request::trustProxyData. An application is...

[SECURITY] Fedora 17 Update: haproxy-1.4.22-1.fc17

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

[SECURITY] Fedora 16 Update: haproxy-1.4.22-1.fc16

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

[SECURITY] Fedora 18 Update: haproxy-1.4.22-1.fc18

HA-Proxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread the load among several servers while assuring server persistence through the use of HTTP cookies - switch t...

CVE-2012-5332

at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field...

CVE-2012-5332

Summary: CVE-2012-5332 affects at32 Reverse Proxy 1.060.310 and is caused by processing an overly long HTTP header (demonstrated with the If-Unmodified-Since header), leading to a NULL pointer dereference and a DoS (application crash). Details from connected sources: Multiple CVE records (NVD, CV...

CVE-2012-3526

The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...

CVE-2012-3526

The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...

Cross site request forgery (csrf)

The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...

CVE-2012-3526

The reverse proxy add forward module modrpaf 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service server or application crash via multiple X-Forwarded-For headers in a request...

Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)

The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 released in a previous update did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker b...

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64

A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a response intended for another user under certa...

Scientific Linux Security Update : httpd on SL4.x, SL5.x i386/x86_64

The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy fla...

Scientific Linux Security Update : httpd on SL5.x

Problem description : A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is...

Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20120221)

The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 released via a previous update did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker ...

CentOS Update for httpd CESA-2011:1392 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for httpd CESA-2011:1392 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RedHat Update for httpd RHSA-2012:0128-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...