CVE-2005-2728

Related Files

HP Security Bulletin 2005-12.51

Posted Nov 20, 2005

Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability

systems | hpux

advisories | CVE-2005-2491, CVE-2005-1268, CVE-2005-2728, CVE-2005-2088

SHA-256 | 0c88cd43198ceaaa105ad00fd4c4738c239da351f3bb32f882c51ff2df83961b

Download | Favorite | View

Mandriva Linux Security Advisory 2005.161

Posted Sep 13, 2005

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service.

tags | advisory, denial of service, cgi, php

systems | linux, mandriva

advisories | CVE-2005-2700, CVE-2005-2728

SHA-256 | d8ac7a09a10fda0bcf0e418be47a3e0e0888e664ca28011b661fb6856ae40716

Download | Favorite | View

Debian Linux Security Advisory 805-1

Posted Sep 10, 2005

Authored by Debian | Site debian.org

Debian Security Advisory DSA 805-1 - Several problems have been discovered in Apache2, the next generation, scalable, extendible web server. The Common Vulnerabilities and Exposures project identifies the following problems:

tags | advisory, web, vulnerability

systems | linux, debian

advisories | CVE-2005-1268, CVE-2005-2088, CVE-2005-2700, CVE-2005-2728

SHA-256 | 76ee9e0a891c5fe605b17c1465e881628ca40b4b293425b87ac49a639a55e4c0

Download | Favorite | View

Ubuntu Security Notice 177-1

Posted Sep 8, 2005

Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-177-1 - apache2, libapache-mod-ssl vulnerabilities - Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. Also, Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.

tags | advisory, remote, denial of service, vulnerability

systems | linux, ubuntu

advisories | CVE-2005-2700, CVE-2005-2728

SHA-256 | f63bd9e3e650b2f1d6cbf6e4bceff6b9f82ee6c95a22dc5b50cef9f0bab677b0

Download | Favorite | View