Gentoo Linux Security Advisory 201206-25 - Multiple vulnerabilities were found in Apache HTTP Server. Versions less than 2.2.22-r1 are affected.
384b2487f5f9cd58a858736f481966a3ddea24b706867ab02a3f57c4c6800e0f
Red Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
8b3987f6e40fef85052bc1517ccdd155b8785e42c315e04f9e426c3eaf558929
Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.
376715e8712ee30354e348ebd39de77f32d1502ee20f1d7c87fee06fdef8376b
Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.
7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
HP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
7999f71fbcd8709c32f927c331d72a48a33196832c69bf214321a6a0024ddec9
HP Security Bulletin HPSBUX02707 SSRT100626 2 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
2bc580cebeaede10bf326b7f8b67beb2822682b19ca788d5dc123a8023251ae1
Red Hat Security Advisory 2011-1391-01 - The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
fa52da6f043cacb48e73017394b763ecd084cb2327279a656bc387db875101fc
Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
a70e4675d43ff217a15c5bd0fc1cb4a7f7389f9a4f764dc36f60527a83d3e971
HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
8c8491ffbdea51197735b916bafae7e01bedf7e73d74f78a14d32b3f74aa0016