RSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.
703e04b821a0df9e65975d31c6a38a8fc2688b91256b2bfeecf3b49ca2c66426Apple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cdMandriva Linux Security Advisory 2015-093 - Updated apache packages fix multiple security vulnerabilities.
19a31025ffbf8447f6cdb3bb70ede57e8f0dce94fcd7cd5d396da9f7fdab3fc1HP Security Bulletin HPSBUX03150 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
4da09901892670541bc06bce0716f03bf67eec1782653c05c5f559b376b89246Apple Security Advisory 2014-10-16-1 - OS X Yosemite v10.10 is now available and addresses 802.1X, AFP file server, Apache, App Sandbox, and various other vulnerabilities.
e17fe6daa6716a8bb996f53f3b9274ff95d249dbc94abe68b17bc7bb23482ad5HP Security Bulletin HPSBUX03102 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These vulnerabilities could be exploited remotely to execute arbitrary code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
af8b2d2dc4651b5c40e03e7712d4122b482e686ce4b4e96895b3bb04d657963aGentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.
74c770647893db7bdefa7fe626d5e7a9771e8d4cd1ddee8a7bd68e3e8bb6436eRed Hat Security Advisory 2014-0826-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
1006666eba505d9d0f5acae12ac479d75a26d7c23b00dc8a66b510420853c6c1Red Hat Security Advisory 2014-0825-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
e2cc6edd9514b524df2a0168ce14ebd379972fd2b89fdabba4b8f3035671a0dcRed Hat Security Advisory 2014-0784-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
2fe962a0ac26681f3b48cc7f43712a45010ac30946e2d8611c69b22787862bf3Red Hat Security Advisory 2014-0783-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
7970ead449f6465fe4c9d9f66ba3f4bd81ac210eff065518739a14c9b7a31fb3Red Hat Security Advisory 2014-0370-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
23c24f50fdf21ed836e93f9e4ec870aa900cb7955737b9c8d2d63e617c9d99efRed Hat Security Advisory 2014-0369-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
48cf3598512a313242cb90a3736d7889382e931ae4d7eb28d6afcccddcb006f7Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
11220e483e0470a5c002fab2accd9c67a8f9231abc1cf27ee995893039c1e38cUbuntu Security Notice 2152-1 - Ning Zhang & Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
70897e4a151774b44bf8ff4c6dde27469165bc65253008e06cba703d1f29a859Mandriva Linux Security Advisory 2014-065 - Multiple vulnerabilities has been found and corrected in apache. XML parsing code in mod_dav incorrectly calculates the end of the string when removing leading spaces and places a NUL character outside the buffer, causing random crashes. This XML parsing code is only used with DAV provider modules that support DeltaV, of which the only publicly released provider is mod_dav_svn. A flaw was found in mod_log_config. A remote attacker could send a specific truncated cookie causing a crash. This crash would only be a denial of service if using a threaded MPM. The updated packages have been upgraded to the latest 2.2.27 version which is not vulnerable to these issues.
1ec6081089af1f4946cff5868c0d43bfeb1b19c4c7462f3ba46e3d8c8a2f59b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed