Download
| Alert*
|
oval:org.secpod.oval:def:26137
The host is installed with Apache HTTP Server 2.4.x before 2.4.14 and is prone to a security bypass vulnerability. A flaw is present in the ap_some_auth_required function in server/request.c, which does not consider that a Require directive may be associated with an authorization setting rather than ... oval:org.secpod.oval:def:26612 The host is installed with Xcode before 7.0 on Apple Mac OS X 10.10.4 or later, Apple Mac OS X or Server 10.9.5 or 10.10.x through 10.10.4 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not consider that a Require directive may be associated with an ... oval:org.secpod.oval:def:28657 The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-16-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to obtain sensitive i ... oval:org.secpod.oval:def:109370 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:203703 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:1501134 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:109306 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:602202 The security update from DSA-3325-1 caused a regression for the oldstable distribution . In some configurations, apache2 would fail to start with a spurious error message about the certificate chain. This update fixes this problem. For reference, the text of the original advisory follows: Several vu ... oval:org.secpod.oval:def:504787 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:52535 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP server. oval:org.secpod.oval:def:1501364 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:501639 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:702675 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP server. oval:org.secpod.oval:def:1200130 It was discovered that in httpd 2.4, the internal API function ap_some_auth_required could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. Multiple flaws ... oval:org.secpod.oval:def:602182 Several vulnerabilities have been found in the Apache HTTPD server. CVE-2015-3183 An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking ... oval:org.secpod.oval:def:26707 The host is missing a security update according to Apple advisory, APPLE-SA-2015-08-13-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation may lead to an unexpected application terminati ... |
