SUSE CVE-2003-0192

Apache 2 before 2.0.47, and certain versions of modssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite...

SUSE CVE-2004-0885

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2015:1851-1) (Logjam)

The Apache2 webserver was updated to fix several issues : Security issues fixed : - The chunked transfer coding implementation in the Apache HTTP Server did not properly parse chunk headers, which allowed remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to...

openSUSE Security Update : apache2 (openSUSE-2015-635) (Logjam)

Apache2 was updated to fix security issues. - CVE-2015-3185: The apsomeauthrequired function in server/request.c in the Apache HTTP Server 2.4.x did not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote...

httpd security, bug fix, and enhancement update

2.2.15-45.0.1 - replace index.html with Oracle's index page oracleindex.html - update vstring in specfile 2.2.15-45 - modproxybalancer: add support for 'drain mode' N 767130 2.2.15-44 - set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES 1086771 2.2.15-43 - revert DirectoryMatch patc...

openSUSE Security Update : apache2 (openSUSE-SU-2014:1045-1)

This apache2 update fixes the following security issues : - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to 'no' in /etc/apache2/ssl-global.conf - ssl-global.conf: SSLHonorCipherOrder set to on -...

CVE-2014-0848

The 1 ssl.conf and 2 httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

Design/Logic Flaw

The 1 ssl.conf and 2 httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVE-2014-0848

The 1 ssl.conf and 2 httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVE-2014-0848

CVE-2014-0848 affects IBM Netezza Performance Portal 2.0 (before 2.0.0.4) where the Apache HTTP Server default config uses weak SSLCipherSuite values, enabling a remote attacker to potentially defeat cryptographic protections via brute-force. Vulnerable component: Apache web server in PERFPORTAL ...

Apache 2.0.x < 2.0.47 Multiple Vulnerabilities (DoS, Encryption)

The remote host appears to be running a version of Apache 2.x prior to 2.0.47. It is, therefore, affected by multiple vulnerabilities : - An issue in may occur when the SSLCipherSuite directive is used to upgrade a cipher suite which could lead to a weaker cipher suite being used instead of the...

HP-UX Update for HP-UX Pkg HPSBUX01123

Check for the Version of HP-UX Pkg OpenVAS Vulnerability Test HP-UX Update for HP-UX Pkg HPSBUX01123 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

HP-UX Update for HP-UX Pkg HPSBUX01123

Check for the Version of HP-UX Pkg OpenVAS Vulnerability Test HP-UX Update for HP-UX Pkg HPSBUX01123 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

FreeBSD : mod_ssl -- SSLCipherSuite bypass (4238151d-207a-11d9-bfe2-0090962cff2a)

It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

Gentoo Security Advisory GLSA 200410-21 (apache)

The remote host is missing updates announced in advisory GLSA 200410-21. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

FreeBSD Ports: ru-apache+mod_ssl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

HP-UX PHSS_33075 : Apache on HP-UX, Remote Denial of Service (DoS), Bypass of SSLCipherSuite Settings (HPSBUX01123 SSRT5931 rev.2)

s700800 11.04 Virtualvault 4.7 OWS Apache 2.x update : A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to create a Denial of Service DoS or to bypass SSLCipherSuite restrictions. %NASLMINLEVEL 70300 C Tenable...

DEBIAN-CVE-2004-0885

The modssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration...

Apache 2, mod_ssl: Bypass of SSLCipherSuite directive

Background The Apache HTTP server is one of the most popular web servers on the internet. modssl provides SSL v2/v3 and TLS v1 support for Apache 1.3 and is also included in Apache 2. Description A flaw has been found in modssl where the "SSLCipherSuite" directive could be bypassed in certain...

CVE-2004-0885

The CVE-2004-0885 entry describes a vulnerability in Apache's mod_ssl for versions 2.0.35–2.0.52 where, when using SSLCipherSuite in directory or location context, remote clients can bypass intended restrictions by selecting any cipher suite allowed by the virtual host configuration. The initial ...