271 matches found
Apache Httpd < 2.2.29 : mod_deflate denial of service
A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...
Apache Httpd < 2.4.10 : mod_deflate denial of service
A resource consumption flaw was found in moddeflate. If request body decompression was configured using the "DEFLATE" input filter, a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration...
Apache Httpd < 2.4.9 : mod_dav crash
XML parsing code in moddav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provide...
Apache Httpd < 2.2.27 : mod_dav crash
XML parsing code in moddav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provide...
Apache Httpd < 2.4.7 : mod_cache crash
A NULL pointer dereference was found in modcache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. Note that this vulnerability was fixed in the 2.4.7 release, but the security impact was not disclosed at the time of the release...
Apache Httpd < 2.4.12 : HTTP Trailers processing bypass
HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...
Apache Httpd < 2.2.29 : HTTP Trailers processing bypass
HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. This fix adds the "MergeTrailers" directive to restore legacy behavior...
Apache Httpd < 2.4.16 : ap_some_auth_required API unusable
A design error in the "apsomeauthrequired" function renders the API unusuable in httpd 2.4.x. In particular the API is documented to answering if the request required authentication but only answers if there are Require lines in the applicable configuration. Since 2.4.x Require lines are used for...
Apache Httpd < 2.4.6 : mod_session_dbd session fixation flaw
A flaw in modsessiondbd caused it to proceed with save operations for a session without considering the dirty flag and the requirement for a new session ID...
Apache Httpd < 2.2.25 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.0.65 : mod_rewrite log escape filtering
modrewrite does not filter terminal escape sequences from logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences...
Apache Httpd < 2.4.6 : mod_dav crash
Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault...
Apache Httpd < 2.2.25 : mod_dav crash
Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault...
Apache Httpd < 2.4.33 : Weak Digest auth nonce generation in mod_auth_digest
When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker withou...
Apache Httpd < 2.2.22 : mod_proxy_ajp remote DoS
A flaw was found when modproxyajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of...
Apache Httpd < 2.4.4 : XSS in mod_proxy_balancer
A XSS flaw affected the modproxybalancer manager interface...
Apache Httpd < 2.2.24 : XSS in mod_proxy_balancer
A XSS flaw affected the modproxybalancer manager interface...
Apache Httpd < 2.4.3 : Response mixup when using mod_proxy_ajp or mod_proxy_http
The modules modproxyajp and modproxyhttp did not always close the connection to the back end server when necessary as part of error handling. This could lead to an information disclosure due to a response mixup between users...
Apache Httpd < 2.2.24 : XSS due to unescaped hostnames
Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
Various XSS flaws due to unescaped hostnames and URIs HTML output in modinfo, modstatus, modimagemap, modldap, and modproxyftp...
Apache Httpd < 2.4.3 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...
Apache Httpd < 2.2.23 : XSS in mod_negotiation when untrusted uploads are supported
Possible XSS for sites which use modnegotiation and allow untrusted uploads to locations which have MultiViews enabled. Note: This issue is also known as CVE-2008-0455...
Apache Httpd < 2.2.23 : insecure LD_LIBRARY_PATH handling
Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
Apache Httpd < 2.4.2 : insecure LD_LIBRARY_PATH handling
Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
Apache Httpd < 2.2.22 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
Apache Httpd < 2.0.65 : error responses can expose cookies
A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose "httpOnly" cookies when no custom ErrorDocument is specified...
Apache Httpd < 2.0.65 : scoreboard parent DoS
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...
Apache Httpd < 2.2.22 : scoreboard parent DoS
A flaw was found in the handling of the scoreboard. An unprivileged child process could cause the parent process to crash at shutdown rather than terminate cleanly...
Apache Httpd < 2.2.22 : mod_log_config crash
A flaw was found in modlogconfig. If the '%cookienameC' log format string is in use, a remote attacker could send a specific cookie causing a crash. This crash would only be a denial of service if using a threaded MPM...
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
An additional exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web...
Apache Httpd < 2.2.22 : mod_setenvif .htaccess privilege escalation
An integer overflow flaw was found which, when the modsetenvif module is enabled, could allow local users to gain privileges via a .htaccess file...
Apache Httpd < 2.0.65 : mod_setenvif .htaccess privilege escalation
An integer overflow flaw was found which, when the modsetenvif module is enabled, could allow local users to gain privileges via a .htaccess file...
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...
Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure
An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...
Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure
An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers no...
Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS
A flaw was found when modproxyajp is used together with modproxybalancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service...
Apache Httpd < 2.0.65 : Range header remote DoS
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory...
Apache Httpd < 2.2.20 : Range header remote DoS
A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. This could be used in a denial of service attack. Advisory...
Apache Httpd < 2.2.19 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...
Apache Httpd < 2.0.65 : apr_fnmatch flaw leads to mod_autoindex remote DoS
A flaw was found in the aprfnmatch function of the bundled APR library. Where modautoindex is enabled, and a directory indexed by modautoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could b...
Apache Httpd < 2.2.10 : Timeout detection flaw (mod_proxy_http)
An information disclosure flaw was found in modproxyhttp in version 2.2.9 only, on Unix platforms. Under certain timeout conditions, the server could return a response intended for another user. Only those configurations which trigger the use of proxy worker pools are affected. There was no...
Apache Httpd < 2.2.16 : Timeout detection flaw (mod_proxy_http)
An information disclosure flaw was found in modproxyhttp in versions 2.2.9 through 2.2.15, 2.3.4-alpha and 2.3.5-alpha. Under certain timeout conditions, the server could return a response intended for another user. Only Windows, Netware and OS2 operating systems are affected. Only those...
Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by modcache 2.2 and moddav 2.0 and 2.2. A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS
A flaw was found in the handling of requests by modcache 2.2 and moddav 2.0 and 2.2. A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated a...
Apache Httpd < 2.0.64 : apr_bridage_split_line DoS
A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...
Apache Httpd < 2.2.17 : apr_bridage_split_line DoS
A flaw was found in the aprbrigadesplitline function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service...
Apache Httpd < 2.2.15 : mod_isapi module unload flaw
A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...
Apache Httpd < 2.0.64 : mod_isapi module unload flaw
A flaw was found with within modisapi which would attempt to unload the ISAPI dll when it encountered various error states. This could leave the callbacks in an undefined state and result in a segfault. On Windows platforms using modisapi, a remote attacker could send a malicious request to trigg...
Apache Httpd < 2.2.15 : mod_proxy_ajp DoS
modproxyajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service...
Apache Httpd < 1.3.42 : mod_proxy overflow on 64-bit systems
An incorrect conversion between numeric types flaw was found in the modproxy module which affects some 64-bit architecture systems. A malicious HTTP server to which requests are being proxied could use this flaw to trigger a heap buffer overflow in an httpd child process via a carefully crafted...