what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2012-0031

Status Candidate

Overview

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

Related Files

HP Security Bulletin HPSBMU02786 SSRT100877 2
Posted May 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794
HP Security Bulletin HPSBOV02822 SSRT100966
Posted Oct 10, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02822 SSRT100966 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0031
SHA-256 | 21c104d295b4ae2e63eb3ca4f8927d747e86151bd3754aa34134f75312b342b7
Apple Security Advisory 2012-09-19-2
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-3026, CVE-2011-3048, CVE-2011-3368, CVE-2011-3389, CVE-2011-3607, CVE-2011-4313, CVE-2011-4317, CVE-2011-4599, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0643, CVE-2012-0650, CVE-2012-0652, CVE-2012-0668, CVE-2012-0670, CVE-2012-0671, CVE-2012-0831, CVE-2012-1172, CVE-2012-1173, CVE-2012-1667, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2386, CVE-2012-2688, CVE-2012-3716, CVE-2012-3718
SHA-256 | 40b0db811b217e85fb6806b53d13edb126d8f6537576e1fb80a6d9e6c2266a62
HP Security Bulletin HPSBMU02786 SSRT100877
Posted Jun 28, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
SHA-256 | 856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7d
Gentoo Linux Security Advisory 201206-25
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-25 - Multiple vulnerabilities were found in Apache HTTP Server. Versions less than 2.2.22-r1 are affected.

tags | advisory, web, vulnerability
systems | linux, gentoo
advisories | CVE-2010-0408, CVE-2010-0434, CVE-2010-1452, CVE-2010-2791, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0883
SHA-256 | 384b2487f5f9cd58a858736f481966a3ddea24b706867ab02a3f57c4c6800e0f
Red Hat Security Advisory 2012-0542-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 8b3987f6e40fef85052bc1517ccdd155b8785e42c315e04f9e426c3eaf558929
Red Hat Security Advisory 2012-0543-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 376715e8712ee30354e348ebd39de77f32d1502ee20f1d7c87fee06fdef8376b
HP Security Bulletin HPSBUX02761 SSRT100823
Posted Apr 21, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02761 SSRT100823 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege. Revision 1 of this advisory.

tags | advisory, denial of service, local, vulnerability
systems | hpux
advisories | CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 319215a9d1fc376117b39017f2de91098d97f397f16927e876fc23c36ab2c613
HP Security Bulletin HPSBMU02748 SSRT100772
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02748 SSRT100772 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 7fae2700afe344be38de57d49ac19bea29b89131596241416dbf472e479b30dc
Red Hat Security Advisory 2012-0323-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2012-0031, CVE-2012-0053
SHA-256 | 4e6fc0a992e66dc0e093b5bbb0e471ca71ba9957c66f52c0991686dc70659ccd
Ubuntu Security Notice USN-1368-1
Posted Feb 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | fa8c135df3525e7c504b7b8471eb4ffb02bbcb4cef2d2668c2621785aaf45c6c
Red Hat Security Advisory 2012-0128-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053
SHA-256 | 47e04bdea922f45dbb611a67d0f33763ce878e42f56c0cde78a5dc761c2218f2
Slackware Security Advisory - httpd Updates
Posted Feb 13, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.

tags | advisory
systems | linux, slackware
advisories | CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | d918adbd8e8a933420c61087ab85772332adaaf1a957177ead0deb868b6d1325
Debian Security Advisory 2405-1
Posted Feb 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3607, CVE-2011-3368, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053
SHA-256 | b0c6203ca4497541242454515790d9cfda365dfb81c65448ab664a3e143985e1
Mandriva Linux Security Advisory 2012-012
Posted Feb 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-012 - Multiple vulnerabilities has been found and corrected in Apache. The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a \%{}C format string, which allows remote attackers to cause a denial of service via a cookie that lacks both a name and a value. scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 6f910e90fc2f1a633ad2fd724e320c739e9c5863ff65b37c5dbb3c731e69621f
Apache 2.2.22 Multiple Updates
Posted Feb 2, 2012
Site httpd.apache.org

Apache HTTP Server version 2.2.22 has been released. It addresses a wide array of vulnerabilities ranging from denial of service to integer overflow issues.

tags | advisory, web, denial of service, overflow, vulnerability
advisories | CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
SHA-256 | 85672817e23c25e72bd6c9922fb22ec525d83fee8b06bd7f90f95794e0e9561d
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close