Apache HTTP Server
Rapid7 Advisory R7-0033
Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting
Discovered: July 25, 2008
Published: August 5, 2008
Revision: 1.1
http://www.rapid7.com/advisories/R7-0033
CVE: CVE-2008-2939
Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server
Multiple Vulnerabilities
CA Advisory Reference: CA20090429-01
CA Advisory Date: 2009-04-29
Multiple vulnerabilities have been found and corrected in apache:
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
cause a denial of service (memory consumption) via multiple calls, as
demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
that this security issue does not really apply as zlib compression
is not enabled in the openssl build provided by Mandriva, but apache
is patched to address this issue anyway (concerns 2008.1 only).
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0010
Synopsis: VMware Hosted products update libpng and Apache HTTP
Server
Issue date: 2009-08-20
Updated on: 2009-08-20 (initial release of advisory)
CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863
CVE-2006-5752 CVE-2007-3304 CVE-2007-6388
CVE-2007-5000 CVE-2008-0005
(CVE-2009-2412).
The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
Apache APR-util before 1.3.5 allows remote attackers to cause a denial
of service (daemon crash) via crafted input involving (1) a .htaccess
file used with the Apache HTTP Server, (2) the SVNMasterURI directive
in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
module for the Apache HTTP Server, or (4) an application that uses
the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in
Apache HTTP Server 2.2.22 Released
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.2.22 of the Apache HTTP
Server ("Apache"). This version of Apache is principally a security
and bug fix release, including the following significant security fixes:
* SECURITY: CVE-2011-3368 (cve.mitre.org)
Reject requests where the request-URI does not match the HTTP
specification, preventing unexpected expansion of target URLs in
SOS-10-002
Release Date. 5-Mar-2010
Last Update. -
Vendor Notification Date. 9-Feb-2010
Product. Apache HTTP Server
Platform. Microsoft Windows
Affected versions. 2.2.14 verified and
possibly others.
Severity Rating. High
Impact. System access
Multiple vulnerabilities have been found and corrected in apache
(ASF HTTPD):
The log_cookie function in mod_log_config.c in the mod_log_config
module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded
MPM is used, does not properly handle a %{}C format string, which
allows remote attackers to cause a denial of service (daemon crash)
via a cookie that lacks both a name and a value (CVE-2012-0021).
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might
Problem Description:
Multiple vulnerabilities have been found and corrected in apache:
The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x
before 2.2.16 allow remote attackers to cause a denial of service
(process crash) via a request that lacks a path (CVE-2010-1452).
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,
does not close the backend connection if a timeout occurs when reading
attacks.
Background
==========
The Apache HTTP server is one of the most popular web servers on the
Internet.
Affected packages
=================
Problem Description:
Multiple vulnerabilities were discovered and corrected in apache:
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in
the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
allows remote FTP servers to cause a denial of service (NULL pointer
dereference and child process crash) via a malformed reply to an EPSV
command (CVE-2009-3094).
The mod_proxy_ftp module in the Apache HTTP Server allows remote
Problem Description:
Multiple vulnerabilities have been found and corrected in apache:
Integer overflow in the ap_pregsub function in server/util.c in the
Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21,
when the mod_setenvif module is enabled, allows local users to gain
privileges via a .htaccess file with a crafted SetEnvIf directive,
in conjunction with a crafted HTTP request header, leading to a
heap-based buffer overflow (CVE-2011-3607).
section 3.4.1 for compatibility problems.
Internet Explorer's autodetection of UTF-7 clearly violates this
specification, introducing the opportunity for myriad similar attacks.
There are several workarounds in Apache HTTP Server to prevent Microsoft's
vulnerability, including
AddDefaultCharset ISO-8859-1
or by enabling multilanguage error docs (with explicit charsets) by simply
For more information on the ARCserve Patch Management utility,
read document TEC446265.
Workaround:
As a workaround solution, disable the Apache HTTP Server with the
"stopgui" command. To re-enable the server, run "startgui".
Stopping the Apache HTTP Server will prevent the ARCserve user
from performing GUI operations. Most of the operations provided by
the GUI can be accomplished via the command line.
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
Vulnerability found: 7 November 2007
Vendor contacted: 14 November 2007
Risk factor: N/A
The reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method.
Example:
http://www.example.com/CP/...../account_manage.php/login.php
Successful exploitation requires that files are served from an Apache
HTTP server.
The vulnerability has been reported in version 4.3.4a. Other versions
may also be affected.
SOLUTION:
Multiple vulnerabilities have been found and corrected in gnutls:
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as
used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl
in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,
GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)
3.12.4 and earlier, and other products, does not properly associate
renegotiation handshakes with an existing connection, which allows
man-in-the-middle attackers to insert data into HTTPS sessions,
and possibly other types of sessions protected by TLS or SSL, by
This allows an attacker to cause an application crash or potentially to
execute arbitrary code.
However, not all OpenSSL based SSL/TLS servers are vulnerable: A server
is vulnerable if it is multi-threaded and uses OpenSSL's internal caching
mechanism. In particular the Apache HTTP server (which never uses OpenSSL
internal caching) and Stunnel (which includes its own workaround) are NOT
affected.
This upgrade fixes this issue. After the upgrade, any services using the
openssl libraries need to be restarted. The checkrestart script from the
Problem Description:
Multiple vulnerabilities have been found and corrected in subversion:
The walk function in repos.c in the mod_dav_svn module for the Apache
HTTP Server, as distributed in Apache Subversion before 1.6.15,
allows remote authenticated users to cause a denial of service (NULL
pointer dereference and daemon crash) via vectors that trigger the
walking of SVNParentPath collections (CVE-2010-4539).
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15
information.
Problem Description:
A vulnerability has been found and corrected in apache:
The ap_read_request function in server/protocol.c in the Apache HTTP
Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does
not properly handle headers in subrequests in certain circumstances
involving a parent request that has a body, which might allow remote
attackers to obtain sensitive information via a crafted request that
triggers access to memory locations associated with an earlier request
(CVE-2010-0434).
Problem Description:
Multiple vulnerabilities have been discovered and corrected in apache:
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through
2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a
denial of service (memory and CPU consumption) via a Range header
that expresses multiple overlapping ranges, as exploited in the
wild in August 2011, a different vulnerability than CVE-2007-0086
(CVE-2011-3192).
Advisory URL: http://securityreason.com/achievement_securityalert/46
Vendor: http://httpd.apache.org
--- 0. Description ---
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache has been the most popular web server on the Internet since April 1996. The November 2005 Netcraft Web Server Survey found that more than 70% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.
--- 1. Apache2 XSS Undefined Charset UTF-7 XSS Vulnerability ---
Multiple vulnerabilities in Apache might lead to a Denial of Service.
Problem Description:
A vulnerability was discovered and corrected in subversion:
authz.c in the mod_dav_svn module for the Apache HTTP Server,
as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x
before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not
properly handle a named repository as a rule scope, which allows
remote authenticated users to bypass intended access restrictions
via svn commands (CVE-2010-3315).