Apache httpd

Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting

Rapid7 Advisory R7-0033
Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting

   Discovered: July 25, 2008
   Published:  August 5, 2008
   Revision:   1.1
   http://www.rapid7.com/advisories/R7-0033

   CVE: CVE-2008-2939


CA20090429-01: CA ARCserve Backup Apache HTTP Server Multiple Vulnerabilities

Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server 
Multiple Vulnerabilities


CA Advisory Reference: CA20090429-01


CA Advisory Date: 2009-04-29



[ MDVSA-2009:323 ] apache

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1890
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1891
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3094
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3095
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
 http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:

VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

- ------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2009-0010
Synopsis:          VMware Hosted products update libpng and Apache HTTP
                   Server
Issue date:        2009-08-20
Updated on:        2009-08-20 (initial release of advisory)
CVE numbers:       CVE-2009-0040 CVE-2007-3847 CVE-2007-1863
                   CVE-2006-5752 CVE-2007-3304 CVE-2007-6388
                   CVE-2007-5000 CVE-2008-0005

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability

Cisco Security Advisory: Apache HTTPd Range Header Denial of Service
Vulnerability

Advisory ID: cisco-sa-20110830-apache

Revision 1.0


[ MDVSA-2009:131-1 ] apr-util

 in apr-util:
 
 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
 Apache APR-util before 1.3.5 allows remote attackers to cause a denial
 of service (daemon crash) via crafted input involving (1) a .htaccess
 file used with the Apache HTTP Server, (2) the SVNMasterURI directive
 in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
 module for the Apache HTTP Server, or (4) an application that uses
 the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
 
 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in

[ MDVSA-2009:314 ] apr

 (CVE-2009-2412).
 
 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
 Apache APR-util before 1.3.5 allows remote attackers to cause a denial
 of service (daemon crash) via crafted input involving (1) a .htaccess
 file used with the Apache HTTP Server, (2) the SVNMasterURI directive
 in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
 module for the Apache HTTP Server, or (4) an application that uses
 the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
 
 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in

[ MDVSA-2009:131 ] apr-util

 in apr-util:
 
 The apr_strmatch_precompile function in strmatch/apr_strmatch.c in
 Apache APR-util before 1.3.5 allows remote attackers to cause a denial
 of service (daemon crash) via crafted input involving (1) a .htaccess
 file used with the Apache HTTP Server, (2) the SVNMasterURI directive
 in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2
 module for the Apache HTTP Server, or (4) an application that uses
 the libapreq2 library, related to an underflow flaw. (CVE-2009-0023).
 
 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in

Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory - SOS-10-002

SOS-10-002

Release Date.                  5-Mar-2010
Last Update.                   -
Vendor Notification Date.      9-Feb-2010
Product.                       Apache HTTP Server
Platform.                      Microsoft Windows
Affected versions.             2.2.14 verified and
                               possibly others.
Severity Rating.               High
Impact.                        System access

[SECURITY] [DSA 2298-1] apache2 security update

Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1452 CVE-2011-3192

Two issues have been found in the Apache HTTPD web server:

CVE-2011-3192

A vulnerability has been found in the way the multiple overlapping
ranges are handled by the Apache HTTPD server. This vulnerability

VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues

1. Summary

   VMware Workstation and Player address a potential installer security
   issue and security issues in libpng. VMware ACE Management Server
   (AMS) for Windows updates Apache httpd.

2. Relevant releases

   VMware Workstation 7.1.1 and earlier,
   VMware Player 3.1.1 and earlier,

[ MDVSA-2011:106 ] subversion

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in subversion:
 
 The mod_dav_svn Apache HTTPD server module will dereference a NULL
 pointer if asked to deliver baselined WebDAV resources which can lead
 to a DoS (Denial Of Service) (CVE-2011-1752).
 
 The mod_dav_svn Apache HTTPD server module may in certain scenarios
 enter a logic loop which does not exit and which allocates memory in

[SECURITY] [DSA 2251-1] subversion security update

control system. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2011-1752

    The mod_dav_svn Apache HTTPD server module can be crashed though
    when asked to deliver baselined WebDAV resources.

CVE-2011-1783

    The mod_dav_svn Apache HTTPD server module can trigger a loop which

[ MDVSA-2009:124 ] apache

 Multiple vulnerabilities have been found and corrected in apache:
 
 Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
 in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
 cause a denial of service (memory consumption) via multiple calls, as
 demonstrated by initial SSL client handshakes to the Apache HTTP Server
 mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
 that this security issue does not really apply as zlib compression
 is not enabled in the openssl build provided by Mandriva, but apache
 is patched to address this issue anyway (concerns 2008.1 only).
 

[SECURITY] [DSA 2202-1] apache2 security update

Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-1176 
Debian Bug     : 618857

MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that
is included in Debian's apache2 package.

A configuration parsing flaw has been found in MPM_ITK. If the
configuration directive NiceValue was set, but no AssignUserID directive
was specified, the requests would be processed as user and group root

PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method



Vulnerability found: 7 November 2007

Vendor contacted: 14 November 2007

Risk factor: N/A 

The reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method. 

[ MDVSA-2009:183 ] apache-mod_security

 attackers to cause a denial of service (crash) via a multipart form
 datapost request with a missing part header name, which triggers a
 NULL pointer dereference (CVE-2009-1902).
 
 The PDF XSS protection feature in ModSecurity before 2.5.8 allows
 remote attackers to cause a denial of service (Apache httpd crash)
 via a request for a PDF file that does not use the GET method
 (CVE-2009-1903).
 
 This update provides mod_security 2.5.9, which is not vulnerable to
 these issues.

Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

  section 3.4.1 for compatibility problems.

Internet Explorer's autodetection of UTF-7 clearly violates this
specification, introducing the opportunity for myriad similar attacks.

There are several workarounds in Apache HTTP Server to prevent Microsoft's
vulnerability, including

AddDefaultCharset ISO-8859-1

or by enabling multilanguage error docs (with explicit charsets) by simply

[ MDVSA-2009:240 ] apache

 Problem Description:

 Multiple vulnerabilities were discovered and corrected in apache:
 
 The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in
 the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13
 allows remote FTP servers to cause a denial of service (NULL pointer
 dereference and child process crash) via a malformed reply to an EPSV
 command (CVE-2009-3094).
 
 The mod_proxy_ftp module in the Apache HTTP Server allows remote

[ GLSA 200907-04 ] Apache: Multiple vulnerabilities

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Apache HTTP daemon allow for local
privilege escalation, information disclosure or Denial of Service
attacks.

Background
==========

CA20090615-01: CA ARCserve Backup Message Engine Denial of Service Vulnerabilities

For more information on the ARCserve Patch Management utility, 
read document TEC446265.


Workaround: 
As a workaround solution, disable the Apache HTTP Server with the 
"stopgui" command. To re-enable the server, run "startgui".

Stopping the Apache HTTP Server will prevent the ARCserve user 
from performing GUI operations. Most of the operations provided by 
the GUI can be accomplished via the command line.

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances

logging in with an admin account delivers the current startup
configuration file:

  https://192.168.0.1/cgi-bin/export-cgi?category=config&arg0=startup-config.conf

The Apache httpd in the standard configuration allows appending
arbitrary paths to CGI scripts. The server saves the extra path in the
environment variable PATH_INFO and executes the CGI script (this can be
disabled by setting "AcceptPathInfo" to "off"[4]). Therefore, appending
the string "/images/" and requesting the following URL also executes the
"export-cgi" script and outputs the current configuration file:

[ MDVSA-2009:124-1 ] apache

 Multiple vulnerabilities have been found and corrected in apache:
 
 Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c
 in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to
 cause a denial of service (memory consumption) via multiple calls, as
 demonstrated by initial SSL client handshakes to the Apache HTTP Server
 mod_ssl that specify a compression algorithm (CVE-2008-1678). Note
 that this security issue does not really apply as zlib compression
 is not enabled in the openssl build provided by Mandriva, but apache
 is patched to address this issue anyway (concerns 2008.1 only).
 

[ MDVSA-2010:153 ] apache

 Problem Description:

 Multiple vulnerabilities have been found and corrected in apache:
 
 The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x
 before 2.2.16 allow remote attackers to cause a denial of service
 (process crash) via a request that lacks a path (CVE-2010-1452).
 
 mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix,
 does not close the backend connection if a timeout occurs when reading

Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection

    http://marc.info/?l=bugtraq&m=104612710031920&w=2
[6] Eterm Screen Dump Escape Sequence Local File Corruption Vulnerability
    http://www.securityfocus.com/bid/6936/discuss
[7] RXVT Screen Dump Escape Sequence Local File Corruption Vulnerability
    http://www.securityfocus.com/bid/6938/discuss
[8] Apache httpd 1.3 vulnerabilities
    http://httpd.apache.org/security/vulnerabilities_13.html
[9] Apache httpd 2.2 vulnerabilities
    http://httpd.apache.org/security/vulnerabilities_22.html

X. CREDIT

[ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service (DoS)

VI. SYSTEMS AFFECTED
-------------------------
ModSecurity between 2.5.5 and 2.5.8 are vulnerable, other versions may
be affected.

Tested with Apache httpd 2.2.11.

VII. SOLUTION
-------------------------
Upgrade to version 2.5.9 of ModSecurity. It can be downloaded from
http://modsecurity.org/download/

[SECURITY] [DSA-2117-1] New apr-util packages fix denial of service

Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-1623

APR-util is part of the Apache Portable Runtime library which is used
by projects such as Apache httpd and Subversion.

Jeff Trawick discovered a flaw in the apr_brigade_split_line() function
in apr-util. A remote attacker could send crafted http requests to
cause a greatly increased memory consumption in Apache httpd, resulting
in a denial of service.

Java Runtime UTF-8 Decoder Smuggling Vector

On July 15 OuTian reported a vulnerability in Apache Tomcat[2] whereby
overwide byte sequences in utf-8 could bypass both Apache Tomcat access
control restrictions as well as path decoding logic.

On July 17 Simon Ryeo reported[3] a variation of the same vulnerability in
Apache httpd server when proxying content generated from Tomcat.

Remy Maucherat wrote a patch to address this particular expression of the
vector for Tomcat 6.0.x[4] which also mitigates against any similar but as
yet undiscovered decoding vulnerabilities.  This patch has also been ported
to 5.5.x[5] and 4.1.x[6].  On July 31st the Apache Software Foundation

[ MDVSA-2009:184 ] apache-mod_security

 attackers to cause a denial of service (crash) via a multipart form
 datapost request with a missing part header name, which triggers a
 NULL pointer dereference (CVE-2009-1902).
 
 The PDF XSS protection feature in ModSecurity before 2.5.8 allows
 remote attackers to cause a denial of service (Apache httpd crash)
 via a request for a PDF file that does not use the GET method
 (CVE-2009-1903).
 
 This update provides mod_security 2.5.9, which is not vulnerable to
 these issues.

[ GLSA 200807-06 ] Apache: Denial of Service

Impact
======

A remote attacker could exploit these vulnerabilities by connecting to
an Apache httpd, by causing an Apache proxy server to connect to a
malicious server, or by enticing a balancer administrator to connect to
a specially-crafted URL, resulting in a Denial of Service of the Apache
daemon.

Workaround


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
