HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.
a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).
8984e6a6d71e3911533469692dc0da853eb51153edc9f05ce6268a71ce2b470d
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
917f5771b1ecaed534503ff6b3384773b7597e104b42f7ed74b05115d49f2b09
VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.
fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
188b9f0db86834082088170fd33ebb8a50552ab4a702ee3c2405d86f177e52e0
Gentoo Linux Security Advisory GLSA 200803-19 - Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is 413 Request Entity too large (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Versions less than 2.2.8 are affected.
bb8144208f0da8d18360d59060c3a1605ef72264ec3cb3173d5750c515b79066
Ubuntu Security Notice 575-1 - A slew of denial of service and cross site scripting related vulnerabilities have been patched in the apache2 package.
fbd90fd3b1d7a6b5559c9b4afb5b47c7da3fc94863094e4710b15c7ae02b1709
Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
7011750e86e2350ac4aa01c2801209a1471d2cfd530582dc3a9b8ae8243bbe30
Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
dda119fab4bbfc092df5941a6d76ce66e859a53e5fab37e511b65b301d0251c9
Mandriva Linux Security Advisory - A flaw found in the mod_autoindex module could lead to a cross-site scripting attack on sites where mod_autoindex was enabled and the AddDefaultCharset directive was removed from the configuration, against web browsers that did not correctly derive the response character set following the rules in RFC 2616. A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
99928353f403d25058b0be4b7ae1cc98fadff2fc75cd15dec8eded067ebadb82
Apache versions 2.2.6 and below, 1.3.39 and below, and 2.0.61 and below suffer from an undefined charset UTF-7 cross site scripting vulnerability in mod_proxy_ftp.
e2cdd9f15d907b6ab09006e8e495b06ef357dc42c4e5998e9acfa5ecc2f30a8a