Download
| Alert*
oval:org.mitre.oval:def:8550
Apache HTTP Server 2.2.x 64-bit is installed on the system oval:org.secpod.oval:def:41593 The host is installed with Apache HTTP Server 2.2.x through 2.2.32 or 2.4.x before 2.4.25 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle whitespace accepted from requests. Successful exploitation could allow remote attackers to perform reque ... oval:org.secpod.oval:def:41600 The host is installed with Apache HTTP Server 2.2.x before 2.2.34 and 2.4.x before 2.4.27 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to leak confidential informati ... oval:org.mitre.oval:def:6931 mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive re ... oval:org.mitre.oval:def:11491 mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive re ... oval:org.secpod.oval:def:202238 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:2368 The host is installed with Apache HTTP Server 1.3.x or 2.0.x through 2.0.64 or 2.2.x through 2.2.19 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to prevent creation of multiple number of threads that use multiple range headers. Successful explo ... oval:org.secpod.oval:def:1081 The host is installed with Apache HTTP Server and is prone to denial of service vulnerability. A flaw is present in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library, which fails to handle URIs that do not match unspecified types of wildcard patterns. Successfu ... oval:org.secpod.oval:def:201849 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.secpod.oval:def:201893 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.mitre.oval:def:11683 The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. oval:org.secpod.oval:def:3310 The host is installed with Apache HTTP Server 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse pro ... oval:org.secpod.oval:def:500443 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.mitre.oval:def:8651 Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. oval:org.mitre.oval:def:8690 The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable. oval:org.secpod.oval:def:4368 The host is installed with Apache HTTP Server before 2.2.21 and is prone to denial of service vulnerability. A flaw is present in the application, which is caused by an error in mod_proxy_ajp when used together with mod_proxy_balancer. Successful exploitation allows remote attackers to send speciall ... oval:org.secpod.oval:def:1600283 Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user"s ... oval:org.secpod.oval:def:500208 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:6411 The host is installed with Apache 2.4.x before 2.4.2 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a zero-length directory name in the LD_LIBRARY_PATH. Successful exploitation could allow remote attackers to search the current directory ... oval:org.secpod.oval:def:34690 The host is installed with Apache HTTP Server 2.2.x before 2.2.25 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle HTTP request containing an escape sequence for a terminal emulator. Successful exploitation could allow remote atta ... oval:org.secpod.oval:def:34691 The host is installed with Apache HTTP Server before 2.4.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails by proceeding with save operations for a session without considering the dirty flag. Successful exploitation could allow remote attackers to an u ... oval:org.secpod.oval:def:1500110 Updated httpd packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed ... oval:org.secpod.oval:def:34689 The host is installed with Apache HTTP Server 2.2.12 through 2.2.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle expensive request. Successful exploitation could allow remote attackers to cause a denial of service (worker consumption) ... oval:org.secpod.oval:def:16968 The host is installed with Apache HTTP Server 2.2.x before 2.2.25 and is prone to a denial of service vulnerability. The flaw is present in the application, which does not properly determine whether DAV is enabled for a URI via a MERGE request in which the URI is configured for handling by the mod_d ... oval:org.secpod.oval:def:501054 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:105756 The Apache HTTP Server is a powerful, efficient, and extensible web server. oval:org.secpod.oval:def:1500169 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:701360 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:1500170 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:9407 The host is installed with Apache HTTP Server 2.2.x before 2.2.24-dev or 2.4.x before 2.4.4 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted string. Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:9408 The host is installed with Apache HTTP Server 2.2.x before 2.2.24-dev or 2.4.x before 2.4.4 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to handle vectors involving hostnames and URIs in the mod_imagemap, mod_info, mod_lda ... oval:org.secpod.oval:def:1600247 Multiple cross-site scripting vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:202878 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:202877 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:701219 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:4371 The host is installed with Apache HTTP Server 2.2.x and before 2.2.22 and is prone to a denial of service vulnerability. A flaw is present in the application, due to improper handling of httpd child process status information. Successful exploitation could allow attackers to bypass certain security ... oval:org.secpod.oval:def:34699 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a request to a CGI script that does not read from its stdin file descriptor. Successful exploitatio ... oval:org.secpod.oval:def:34698 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted request that triggers improper scoreboard handling within the status_handler function in ... oval:org.secpod.oval:def:34695 The host is installed with Apache HTTP Server 2.2.x through 2.2.26 or 2.4.x before 2.4.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted cookie during truncation. Successful exploitation could allow remote attackers to ... oval:org.secpod.oval:def:34694 The host is installed with Apache HTTP Server 2.2.x through 2.2.26 or 2.4.x before 2.4.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly remove whitespace characters from CDATA sections. Successful exploitation could allow remote attac ... oval:org.secpod.oval:def:500713 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:3309 The host is installed with Apache HTTP Server 1.3.x through 1.3.42 or 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to interact with use of RewriteRule and ProxyPassMatch pattern matches for config ... oval:org.secpod.oval:def:500745 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:34686 The host is installed with Apache HTTP Server 2.2.x through 2.2.21 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly restrict header information during construction of Bad Request (aka 400) error documents. Successful exploitation ... oval:org.secpod.oval:def:1600004 It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, pos ... oval:org.secpod.oval:def:501219 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:501221 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:3170 The host is installed with Apache HTTP Server 1.3.x through 1.3.42 or 2.0.x through 2.0.64 or 2.2.x through 2.2.21 and is prone to information disclosure vulnerability. A flaw is present in the application, which is caused by an error in mod_proxy when configured in reverse proxy mode and using the ... oval:org.secpod.oval:def:34693 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x through 2.4.10 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted data. Successful exploitation could allow remote attackers to bypass "RequestHead ... oval:org.secpod.oval:def:47260 The host is installed with Apache HTTP Server 2.2.x before 2.2.32 or 2.4.x before 2.4.24 and is prone to a CRLF Injection vulnerability. A flaw is present in the application, which fails to handle the Location or other outbound header key or value. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:26138 The host is installed with Apache HTTP Server 2.2.x or 2.4.x before 2.4.14 and is prone to HTTP request smuggling attack vulnerabilities. The flaws are present in the chunked transfer coding implementation, which does not properly parse chunk headers. Successful exploitation will allow remote attack ... oval:org.mitre.oval:def:8371 Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. oval:org.mitre.oval:def:11713 The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interi ... oval:org.secpod.oval:def:500320 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.mitre.oval:def:8619 The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted re ... oval:org.secpod.oval:def:201742 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.secpod.oval:def:201748 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.mitre.oval:def:8695 The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensiti ... oval:org.secpod.oval:def:41598 The host is installed with Apache HTTP Server 2.2.32 and 2.4.24 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle ap_find_token(). Successful exploitation could allow remote attackers to cause a segmentation fault, or to force ap_find_token() t ... oval:org.secpod.oval:def:41599 The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle mod_mime. Successful exploitation could allow remote attackers to read one byte past the end of a buff ... oval:org.secpod.oval:def:41596 The host is installed with Apache HTTP Server 2.2.x through 2.2.33 or 2.4.x before 2.4.26 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase. Success ... oval:org.secpod.oval:def:41597 The host is installed with Apache HTTP Server 2.2.x before 2.2.33 or 2.4.x before 2.4.26 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle third-party modules. Successful exploitation could allow remote attackers to derefer ... oval:org.secpod.oval:def:34697 The host is installed with Apache HTTP Server 2.2.x through 2.2.27 or 2.4.x before 2.4.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails when request body decompression is enabled. Successful exploitation could allow remote attackers to cause a d ... oval:org.secpod.oval:def:34685 The host is installed with Apache HTTP Server 2.2.17 through 2.2.21 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a %{}C format string. Successful exploitation could allow remote attackers to cause a denial of service (daemon ... oval:org.mitre.oval:def:8439 modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers ... oval:org.mitre.oval:def:8394 Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) ... oval:org.secpod.oval:def:500675 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.mitre.oval:def:8704 The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then ... oval:org.mitre.oval:def:8261 mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. oval:org.mitre.oval:def:7716 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last direct ... oval:org.secpod.oval:def:202112 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.mitre.oval:def:8616 The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service ... oval:org.secpod.oval:def:500531 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.secpod.oval:def:202212 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.secpod.oval:def:202155 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.mitre.oval:def:8662 The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pac ... oval:org.secpod.oval:def:201984 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.mitre.oval:def:8087 The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. oval:org.mitre.oval:def:8632 The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption). oval:org.secpod.oval:def:202198 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:202179 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:500700 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.secpod.oval:def:24274 The host is installed with Microsoft IE 11, Edge, Mozilla Firefox before 44.0 or Google Chrome before 48.0.2564.82 and is prone to a bar mitzvah attack vulnerability. A flaw is present in the RC4 algorithm, which does not properly combine state data with key data during the initialization phase. Suc ... |