Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cd
Mandriva Linux Security Advisory 2015-093 - Updated apache packages fix multiple security vulnerabilities.
19a31025ffbf8447f6cdb3bb70ede57e8f0dce94fcd7cd5d396da9f7fdab3fc1
HP Security Bulletin HPSBUX03150 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
4da09901892670541bc06bce0716f03bf67eec1782653c05c5f559b376b89246
Apple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
e17fe6daa6716a8bb996f53f3b9274ff95d249dbc94abe68b17bc7bb23482ad5
HP Security Bulletin HPSBUX03102 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
af8b2d2dc4651b5c40e03e7712d4122b482e686ce4b4e96895b3bb04d657963a
Gentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worst of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.
74c770647893db7bdefa7fe626d5e7a9771e8d4cd1ddee8a7bd68e3e8bb6436e
Red Hat Security Advisory 2014-0826-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
1006666eba505d9d0f5acae12ac479d75a26d7c23b00dc8a66b510420853c6c1
Red Hat Security Advisory 2014-0825-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
e2cc6edd9514b524df2a0168ce14ebd379972fd2b89fdabba4b8f3035671a0dc
Red Hat Security Advisory 2014-0784-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
2fe962a0ac26681f3b48cc7f43712a45010ac30946e2d8611c69b22787862bf3
Red Hat Security Advisory 2014-0783-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
7970ead449f6465fe4c9d9f66ba3f4bd81ac210eff065518739a14c9b7a31fb3
Red Hat Security Advisory 2014-0370-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
23c24f50fdf21ed836e93f9e4ec870aa900cb7955737b9c8d2d63e617c9d99ef
Red Hat Security Advisory 2014-0369-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
48cf3598512a313242cb90a3736d7889382e931ae4d7eb28d6afcccddcb006f7
Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
11220e483e0470a5c002fab2accd9c67a8f9231abc1cf27ee995893039c1e38c
Ubuntu Security Notice 2152-1 - Ning Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
70897e4a151774b44bf8ff4c6dde27469165bc65253008e06cba703d1f29a859
Mandriva Linux Security Advisory 2014-065 - Multiple vulnerabilities have been found and corrected in apache. XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn. A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. The updated packages have been upgraded to the latest 2.2.27 version which is not vulnerable to these issues.
1ec6081089af1f4946cff5868c0d43bfeb1b19c4c7462f3ba46e3d8c8a2f59b2