Apache v2.0.43 - Apache is the most popular webserver on the Internet, and ranks well in terms of security, functionality, efficiency, and speed. Changelog available here.
340e0f3ddc87e1dd13973c52b1bc99ec86ac5b5ef5cc105cda34cc7ff32d0d93
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
5d5a40e4d8f57c587755cd3f5ff822e2259dd225fa37f5f99b5edcce51cf091d
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache HTTPd server. Both the 1.3 and 2.x releases are affected. An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
a9690ce85ab38ad4c6cee06d55ad11d445eea51f1cdb17fcbcf5b56233597938
Apache httpd remote denial of service memory exhaustion exploit.
5fdda8b150aea034561a2b99bc1c71da2c6f225ee078695da41e6e725f0e4a7d
Simple HTTPd version 1.42 PUT request remote buffer overflow exploit.
0252f9817102dd7dc326bcc8709a4f571708533f062b11b61019aeedce1db410
Simple HTTPd version 1.42 denial of service exploit.
983ba160baafe038dbef7b4b94dae3df66ed0a1b8efcefb1163821f13b7b28a7
Red Hat Security Advisory 2011-0862-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An infinite loop flaw was found in the way the mod_dav_svn module processed certain data sets. If the SVNPathAuthz directive was set to "short_circuit", and path-based access control for files and directories was enabled, a malicious, remote user could use this flaw to cause the httpd process serving the request to consume an excessive amount of system memory. Various other issues were also addressed.
1ff98c5c00208f3cbe3c94f264edd5b646b681a3f2f0cf7c2caec93cbe9a9454
Red Hat Security Advisory 2011-0861-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process serving the request to crash. Various other issues were also addressed.
61b36e4ad1a6f0b75382a4c6f82d8f8e00315ffa03ef57737348fb9747bb6e7f
Mandriva Linux Security Advisory 2011-106 - The mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources, which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may in certain scenarios enter a logic loop which does not exit and which allocates memory in each iteration, ultimately exhausting all the available memory on the server, which can lead to a denial of service. The mod_dav_svn Apache HTTPD server module may leak to remote users the file contents of files configured to be unreadable by those users.
db5fe256ef577b1b631f68ced08339d66969930e81aff27ca5f3917b3f80347a
Red Hat Security Advisory 2011-0844-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was used. A remote attacker could possibly use this flaw to cause a denial of service on an application using the apr_fnmatch() function. Note: This problem affected httpd configurations using the "Location" directive with wildcard URLs. The denial of service could have been triggered during normal operation; it did not specifically require a malicious HTTP request. Various other issues were also addressed.
10c43bcfd8ec38f49e9fbbef97f03e10a6e47e439f21881be0d699f358706139
Debian Linux Security Advisory 2237-1 - A flaw was found in the APR library, which could be exploited through Apache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex contained files with sufficiently long names, a remote attacker could send a carefully crafted request which would cause excessive CPU usage. This could be used in a denial of service attack.
c23f7d122bf00732fd57c168870b2d9b88cfca00ec85f779d9841ab56b4fcd1f
Mandriva Linux Security Advisory 2011-084 - It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching.
45271e52457dd5e159581d09ef78f8d9ecb63ab04f93a3fbb88d31810af7cf0d
A directory traversal vulnerability in jHTTPd version 0.1a can be exploited to read files outside of the web root.
7714d7d0c2b394430f94ade33e5d1ee5451a1d69f42ee28c049bb489a1ee60b5
Debian Linux Security Advisory 2202-1 - MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that is included in Debian's apache2 package.
b928a735f521bacebfb2c8190a7619edeff9aeca300224b2d84504d193d6561b
Nostromo (nhttpd) versions 1.9.3 and below suffer from a directory traversal vulnerability.
21642ad06a6be195db94145ad06272a939d44c4341d01becfc5db1a0b9bb3907
Caedo HTTPd Server version 0.5.1 ALPHA remote file download exploit.
1c8e2d236567807f28efa5fcb99ff260c326c3e73df7f896942fe3a3700a4abb
Debian Linux Security Advisory 2141-4 - The openssl update in DSA-2141-1 caused a regression in lighttpd. Due to a bug in lighttpd, the server fails to start in some configurations if using the updated openssl libraries. This update fixes this problem.
6d8bf518952bb36182005427e9e1ac90e6b3e956a42a79dda732a59c8ea917f8
httpdASM version 0.92 suffers from a directory traversal vulnerability.
55fd5686b91769bd5470387d8ce679f661312835161b3fdc62aebdaf85dbecb5
Secunia Security Advisory - John Leitch has discovered a vulnerability in httpdASM, which can be exploited by malicious people to disclose system information.
85880f2d58ff8eb7eff54886a01d202616d9050c66654732aede035bcbec8099
Debian Linux Security Advisory 2117-1 - APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion. Jeff Trawick discovered a flaw in the apr_brigade_split_line() function in apr-util. A remote attacker could send crafted http requests to cause a greatly increased memory consumption in Apache httpd, resulting in a denial of service.
67cbe05ab7fb997c5c2fe794fbdf3cf7157f9155c673e328458a27e75c48fbca
VMware Security Advisory - VMware Workstation and Player address a potential installer security issue and security issues in libpng. VMware ACE Management Server (AMS) for Windows updates Apache httpd.
c598de56110b9b1285f2b8e0d5afbeeb93abb4d32d2d9e62b9bdc9c16b71278b
Secunia Security Advisory - Red Hat has issued an update for httpd. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
5e6e7da1dc37c73df39c61f0370a98e8c3f842d0eff70b33026c17979483834a
Secunia Security Advisory - Two vulnerabilities have been discovered in httpdx, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malicious users to potentially compromise a vulnerable system.
521ca46903533ccd6bcfa1c5a0b354d4be4a85dd33510ad3535f6f7d8cd47c5b
Httpdx version 1.5.4 suffers from a denial of service vulnerability.
c50cbe6ab8e481d9566cbb0cc8fc9fc3d5e297d5737b205731166875e8d04795
Mandriva Linux Security Advisory 2010-153 - The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service via a request that lacks a path. mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
444c83bf883527ec99f5774bd35218e9bfc7120a9811519671377a06461fea59
Secunia Security Advisory - Fedora has issued an update for httpd. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
51a4aca892ed242fed8fa3341fbbe2cc7e0fe93c3fc6fc1078b9b64e03f025c4