Apache v2.0.43 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed.
Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
httpdx versions 1.5.4 and below suffer from a heap overflow vulnerability.
DomsHttpd versions 1.0 and below suffer from a remote denial of service vulnerability.
Red Hat Security Advisory 2012-1053-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
Red Hat Security Advisory 2012-1052-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
Gentoo Linux Security Advisory 201206-27 - A vulnerability in mini_httpd could allow remote attackers to execute arbitrary code. Versions 1.19 are affected.
Secunia Security Advisory - Gentoo has acknowledged a vulnerability in mini_httpd, which can be exploited by malicious people to compromise a vulnerable system.
Red Hat Security Advisory 2012-1012-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0036 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
Red Hat Security Advisory 2012-1011-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
Red Hat Security Advisory 2012-1010-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
Red Hat Security Advisory 2012-0570-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
Red Hat Security Advisory 2012-0569-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
Red Hat Security Advisory 2012-0568-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
Red Hat Security Advisory 2012-0547-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration using the PHP module for Apache httpd to handle PHP scripts.
Red Hat Security Advisory 2012-0546-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query string being parsed by php-cgi as command line options and arguments. This could lead to the disclosure of the script's source code or arbitrary code execution with the privileges of the PHP interpreter. Red Hat is aware that a public exploit for this issue is available that allows remote code execution in affected PHP CGI configurations. This flaw does not affect the default configuration in Red Hat Enterprise Linux 5 and 6 using the PHP module for Apache httpd to handle PHP scripts.
Secunia Security Advisory - Red Hat has issued an update for httpd. This fixes two weaknesses and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges and by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
Secunia Security Advisory - Red Hat has issued an update for httpd. This fixes two weaknesses and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges and by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.
Secunia Security Advisory - SUSE has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.
Torrent-Stats suffers from a denial of service vulnerability in httpd.c.
Red Hat Security Advisory 2012-0093-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Red Hat Security Advisory 2012-0092-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execute arbitrary code. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.