HPE Security Bulletin HPSBUX03512 SSRT102254 1 - Potential security vulnerabilities have been identified with HP-UX Web Server Suite running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts including.. - The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
18b317e7f0098c34b8f49719b2e63ed788cd23d93ced85911b489c5da5329541HP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5HP Security Bulletin HPSBMU03380 1 - Multiple potential security vulnerabilities have been identified with HP System Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), Cross-site Request Forgery (CSRF), execution of arbitrary code, unauthorized modification, unauthorized access, or disclosure of information. Revision 1 of this advisory.
b24b33b6953298c7dff07ba7ebf547fe10934e4d227a0e52094bde980503367cRSA Validation Manager versions 3.2 prior to build 201 suffer from race condition, cross site scripting, denial of service, and various other vulnerabilities.
703e04b821a0df9e65975d31c6a38a8fc2688b91256b2bfeecf3b49ca2c66426HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
754fae670041f7a697aa8004120dac15eb6d07f2889f1104112f7ee98c3f9f82Gentoo Linux Security Advisory 201504-3 - Multiple vulnerabilities have been found in Apache HTTP Server, the worst of which could lead to arbitrary code execution. Versions less than 2.2.29 are affected.
93bdb4060115f5f696951b76a71bbae405be0ae58b613775011d6f63d2a80a0cApple Security Advisory 2015-04-08-2 - OS X Yosemite 10.10.3 and Security Update 2015-004 are now available and address privilege escalation, code execution, information disclosure, and various other vulnerabilities.
bfdc53ae50c366d1018234c77470fabd66ae9360537370dafd782122121b89cdMandriva Linux Security Advisory 2015-093 - Updated apache packages fix multiple security vulnerabilities.
19a31025ffbf8447f6cdb3bb70ede57e8f0dce94fcd7cd5d396da9f7fdab3fc1RSA Certificate Manager versions prior to 6.9 Build 558 and RSA Registration Manager versions prior to 6.9 Build 558 suffer from cross site scripting and denial of service vulnerabilities.
b747d0ad2d5769c903036e95aae093e5e18483d9866dae57c158e7ac519e6401Red Hat Security Advisory 2014-1086-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.
1869ac672baeb6d6231ed4264632e0262537ca84832e3d8b68ec845527428f94Red Hat Security Advisory 2014-1087-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.
7b43399c8297d76dd46dd0933745d26b4de10eebe9f700a43e687901819a236bRed Hat Security Advisory 2014-1088-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.
4da1d3ba75d748e08e95de45e5cf1defc759a9a506037cddf827b73f39496145Red Hat Security Advisory 2014-1019-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.
ee57b0752054c43c73ccfbef2be9383a8676fce1f41ed04ca808762b2f1d516fRed Hat Security Advisory 2014-1020-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.
804065533729790a5b99749f6de4660a768da8c982fc223f3cfb43c91e6a636cRed Hat Security Advisory 2014-1021-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.
22e9d1dba5571b19e90edd9bd75c20402a5f2b415a003632541ae628f3d33b93Mandriva Linux Security Advisory 2014-142 - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.
6643c25c7b920a477f9ecad591516b72e4c07aed6b35d1aaad3b6ab25aeab395Debian Linux Security Advisory 2989-1 - Several security issues were found in the Apache HTTP server.
6a2e0fe2e7dd2939b32d62124cbffac15ed98b20d36d18e10fd6076278bcd60cSlackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
8b2ce2fa4eaa2da3d41503e0ff66afd040e6de3710d8ec4fb82e11f6fde37915Red Hat Security Advisory 2014-0921-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.
5f6342d6a0ba942fed1212f30532f2a6f06b9ce40839eb606fcaa582d6020ed3Red Hat Security Advisory 2014-0920-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.
7a830cef22aa2d0447ea727c0b8c19ebb2b6de8d903602bcceaa93477c2004d8Red Hat Security Advisory 2014-0922-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.
e474b0462ddaef58ac68027aa2da2ff235007fd49f59f3fd341b94b4a0cbdbb9Ubuntu Security Notice 2299-1 - Marek Kroemeke discovered that the mod_proxy module incorrectly handled certain requests. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS. Giancarlo Pellegrino and Davide Balzarotti discovered that the mod_deflate module incorrectly handled body decompression. A remote attacker could use this issue to cause resource consumption, leading to a denial of service. Various other issues were also addressed.
52c1adb5bf8f07e13c58b7beb3414522ce15e2686f455949248cc1c2d9b6f33f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed