CVE-2015-0228

Related Files

Apple Security Advisory 2015-09-16-4

Posted Sep 19, 2015

Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution

systems | apple, osx

advisories | CVE-2013-5704, CVE-2014-0067, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2014-8161, CVE-2014-8500, CVE-2015-0228, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244, CVE-2015-0253, CVE-2015-1349, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167, CVE-2015-3183, CVE-2015-3185, CVE-2015-5911

SHA-256 | 8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2

Download | Favorite | View

Red Hat Security Advisory 2015-1666-01

Posted Aug 24, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1666-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.

tags | advisory, remote, web

systems | linux, redhat

advisories | CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185

SHA-256 | 0f0af590cf4c621e7c0a3e37a8fe52a41b798cb1d1718c319834d751b885ed27

Download | Favorite | View

Slackware Security Advisory - httpd Updates

Posted Jul 20, 2015

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory

systems | linux, slackware

advisories | CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185

SHA-256 | 36799e7bd8fbb814ff99012997a8e5d129d9c75f98b4f4fa759d4b8c20dff96f

Download | Favorite | View

Mandriva Linux Security Advisory 2015-093

Posted Mar 30, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-093 - Updated apache packages fix multiple security vulnerabilities.

tags | advisory, vulnerability

systems | linux, mandriva

advisories | CVE-2013-6438, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, CVE-2014-3581, CVE-2014-5704, CVE-2014-8109, CVE-2015-0228

SHA-256 | 19a31025ffbf8447f6cdb3bb70ede57e8f0dce94fcd7cd5d396da9f7fdab3fc1

Download | Favorite | View

Ubuntu Security Notice USN-2523-1

Posted Mar 10, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2523-1 - Martin Holst Swende discovered that the mod_headers module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. Mark Montague discovered that the mod_cache module incorrectly handled empty HTTP Content-Type headers. A remote attacker could use this issue to cause the server to stop responding, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service

systems | linux, ubuntu

advisories | CVE-2013-5704, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228

SHA-256 | b5a9d704b449f39d01062d26900f37e7a1d8336e27bd24dc58719568e3d644a3

Download | Favorite | View