Download
| Alert*
oval:org.secpod.oval:def:202238
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:201680 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:201687 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:2368 The host is installed with Apache HTTP Server 1.3.x or 2.0.x through 2.0.64 or 2.2.x through 2.2.19 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to prevent creation of multiple number of threads that use multiple range headers. Successful explo ... oval:org.secpod.oval:def:500263 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.secpod.oval:def:500067 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.mitre.oval:def:7923 Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-bas ... oval:org.secpod.oval:def:4368 The host is installed with Apache HTTP Server before 2.2.21 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused by an error in mod_proxy_ajp when used together with mod_proxy_balancer. Successful exploitation allows remote attackers to send speciall ... oval:org.secpod.oval:def:500992 The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has th ... oval:org.secpod.oval:def:202510 The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options ... oval:org.secpod.oval:def:500208 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:105756 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:202579 The httpd packages contain the Apache HTTP Server , which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has th ... oval:org.secpod.oval:def:6411 The host is installed with Apache 2.4.x before 2.4.2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a zero-length directory name in the LD_LIBRARY_PATH. Successful exploitation could allow remote attackers to search the current directory ... oval:org.secpod.oval:def:34691 The host is installed with Apache HTTP Server before 2.4.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails by proceeding with save operations for a session without considering the dirty flag. Successful exploitation could allow remote attackers to an u ... oval:org.secpod.oval:def:1500110 Updated httpd packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed ... oval:org.secpod.oval:def:500949 The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews ... oval:org.secpod.oval:def:500117 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:500713 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:4371 The host is installed with Apache HTTP Server 2.2.x and before 2.2.22 and is prone to a denial of service vulnerability. A flaw is present in the application, due to improper handling of httpd child process status information. Successful exploitation could allow attackers to bypass certain security ... oval:org.secpod.oval:def:3170 The host is installed with Apache HTTP Server 1.3.x through 1.3.42 or 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by an error in mod_proxy when configured in reverse proxy mode and using the ... oval:org.secpod.oval:def:3309 The host is installed with Apache HTTP Server 1.3.x through 1.3.42 or 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to interact with use of RewriteRule and ProxyPassMatch pattern matches for config ... oval:org.secpod.oval:def:500745 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:202155 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.secpod.oval:def:202198 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:500675 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.mitre.oval:def:8616 The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service ... oval:org.secpod.oval:def:500531 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.secpod.oval:def:202179 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... |