This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491)

Solution

There are no workarounds known.

OSVersionArchitecturePackageVersionFilename
openSUSE9.1x86_64apache2-prefork< 2.0.49-27.34apache2-prefork-2.0.49-27.34.x86_64.rpm
openSUSE9.2i586apache2-worker< 2.0.50-7.7apache2-worker-2.0.50-7.7.i586.rpm
openSUSE9.2i586apache2-devel< 2.0.50-7.7apache2-devel-2.0.50-7.7.i586.rpm
openSUSE9.2x86_64apache2-prefork< 2.0.50-7.7apache2-prefork-2.0.50-7.7.x86_64.rpm
openSUSE9.0i586apache2-metuxmpm< 2.0.48-155apache2-metuxmpm-2.0.48-155.i586.rpm
openSUSE9.0x86_64apache2-prefork< 2.0.48-155apache2-prefork-2.0.48-155.x86_64.rpm
openSUSE9.0i586apache2< 2.0.48-155apache2-2.0.48-155.i586.rpm
openSUSE9.3i586apache2-devel< 2.0.53-9.5apache2-devel-2.0.53-9.5.i586.rpm
openSUSE9.0x86_64apache2< 2.0.48-155apache2-2.0.48-155.x86_64.rpm
openSUSE9.2x86_64apache2-devel< 2.0.50-7.7apache2-devel-2.0.50-7.7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	9.1	x86_64	apache2-prefork	< 2.0.49-27.34	apache2-prefork-2.0.49-27.34.x86_64.rpm
openSUSE	9.2	i586	apache2-worker	< 2.0.50-7.7	apache2-worker-2.0.50-7.7.i586.rpm
openSUSE	9.2	i586	apache2-devel	< 2.0.50-7.7	apache2-devel-2.0.50-7.7.i586.rpm
openSUSE	9.2	x86_64	apache2-prefork	< 2.0.50-7.7	apache2-prefork-2.0.50-7.7.x86_64.rpm
openSUSE	9.0	i586	apache2-metuxmpm	< 2.0.48-155	apache2-metuxmpm-2.0.48-155.i586.rpm
openSUSE	9.0	x86_64	apache2-prefork	< 2.0.48-155	apache2-prefork-2.0.48-155.x86_64.rpm
openSUSE	9.0	i586	apache2	< 2.0.48-155	apache2-2.0.48-155.i586.rpm
openSUSE	9.3	i586	apache2-devel	< 2.0.53-9.5	apache2-devel-2.0.53-9.5.i586.rpm
openSUSE	9.0	x86_64	apache2	< 2.0.48-155	apache2-2.0.48-155.x86_64.rpm
openSUSE	9.2	x86_64	apache2-devel	< 2.0.50-7.7	apache2-devel-2.0.50-7.7.x86_64.rpm

Rows per page:

1-10 of 441

nessus 56

suse 3

openvas 62

ubuntucve 4

slackware 5

cve 3

redhat 4

centos 4

gentoo 13

debian 11

osv 4

ubuntu 2

checkpoint_advisories 2

securityvulns 10

httpd 2

debiancve 2

wpvulndb 1

freebsd 2

f5 4

packetstorm 1

patchstack 1

cert 2

exploitpack 1

nessus

SUSE-SA:2005:049: php4, php5

2005-10-05 00:00:00

SUSE-SA:2005:051: php4,php5

2005-10-05 00:00:00

CentOS 3 / 4 : httpd (CESA-2005:608)

2006-07-03 00:00:00

suse

remote code execution in php4, php5

2005-08-30 14:35:22

local command execution, authentication bypass, in apache2

2005-09-16 12:34:21

remote code execution in php/pear XML::RPC

2005-07-08 15:32:35

openvas

SLES9: Security update for Apache2

2009-10-10 00:00:00

SLES9: Security update for Apache2

2009-10-10 00:00:00

Slackware Advisory SSA:2005-242-02 PHP

2012-09-11 00:00:00

ubuntucve

CVE-2005-2498

2005-08-15 00:00:00

CVE-2005-1921

2005-07-05 00:00:00

CVE-2005-2700

2005-09-06 00:00:00

slackware

php5 in Slackware 10.1

2005-09-08 15:55:19

PHP

2005-08-30 15:54:11

slackware-current security updates

2005-09-08 15:55:02

cve

CVE-2005-2498

2005-08-15 04:00:00

CVE-2005-2700

2005-09-06 23:03:00

CVE-2005-1921

2005-07-05 04:00:00

redhat

(RHSA-2005:608) httpd security update

2005-09-06 00:00:00

(RHSA-2005:748) php security update

2005-08-19 00:00:00

(RHSA-2005:773) mod_ssl security update

2005-09-15 00:00:00

centos

httpd, mod_ssl security update

2005-09-06 15:58:02

php security update

2005-08-31 21:06:57

php security update

2005-08-19 18:20:20

gentoo

PHP: Vulnerabilities in included PCRE and XML-RPC libraries

2005-09-27 00:00:00

Apache, mod_ssl: Multiple vulnerabilities

2005-09-19 00:00:00

PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

2005-08-24 00:00:00

debian

[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities

2005-08-29 15:31:06

[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities

2005-08-29 15:31:06

[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities

2005-09-08 18:07:44

osv

php4 - several

2005-08-29 00:00:00

apache2 - several

2005-09-08 00:00:00

drupal - missing input sanitising

2005-10-04 00:00:00

ubuntu

Apache 2 vulnerabilities

2005-09-07 00:00:00

PHP XMLRPC vulnerability

2005-07-05 00:00:00

checkpoint_advisories

Apache Byte-Range Filter Denial of Service (CVE-2005-2728)

2010-07-25 00:00:00

LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)

2015-03-26 00:00:00

securityvulns

[Full-disclosure] [ GLSA 200507-06 ] TikiWiki: Arbitrary command execution through XML-RPC

2005-07-07 00:00:00

[Full-disclosure] Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability

2005-08-15 00:00:00

[Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability

2005-08-15 00:00:00

httpd

Apache Httpd < 2.0.55 : SSLVerifyClient bypass

2005-08-30 00:00:00

Apache Httpd < 2.0.55 : Byterange filter DoS

2005-07-07 00:00:00

debiancve

CVE-2005-2700

2005-09-06 23:03:00

CVE-2005-2728

2005-08-30 11:45:00

wpvulndb

WordPress <= 1.5.1.2 - XMLRPC Eval Injection

2005-06-29 00:00:00

freebsd

pear-XML_RPC -- remote PHP code injection vulnerability

2005-08-15 00:00:00

pear-XML_RPC -- arbitrary remote code execution

2005-06-29 00:00:00

K5278 : Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700

2013-03-28 00:00:00

SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700

2007-05-16 00:00:00

K5857 : Client certificate check vulnerability in Apache - CVE-2005-2700

2013-03-28 00:00:00

packetstorm

PHP XML-RPC Arbitrary Code Execution

2009-10-30 00:00:00

patchstack

WordPress <= 1.3.0 - Eval Injection

2005-06-08 00:00:00

cert

mod_ssl fails to properly enforce client certificates authentication

2005-09-09 00:00:00

Multiple PHP XML-RPC implementations vulnerable to code injection

2005-07-06 00:00:00

exploitpack

PHPXMLRPC 1.1 - Remote Code Execution

2015-07-02 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.974 High

EPSS

Percentile

99.9%

JSON

Related for SUSE-SA:2005:051