HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.
5dbefc2f5ce267adce1e15986e02edbb8a3cd8b62ebf6a7c096957f60f594794HP Security Bulletin HPSBOV02822 SSRT100966 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
21c104d295b4ae2e63eb3ca4f8927d747e86151bd3754aa34134f75312b342b7Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.
40b0db811b217e85fb6806b53d13edb126d8f6537576e1fb80a6d9e6c2266a62HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.
856251204fbecc5944b74b48232e96b353c5844f102f2b4ea9de3e11e27b5a7dGentoo Linux Security Advisory 201206-25 - Multiple vulnerabilities were found in Apache HTTP Server. Versions less than 2.2.22-r1 are affected.
384b2487f5f9cd58a858736f481966a3ddea24b706867ab02a3f57c4c6800e0fHP Security Bulletin HPSBMU02748 SSRT100772 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). Revision 1 of this advisory.
7fae2700afe344be38de57d49ac19bea29b89131596241416dbf472e479b30dcUbuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.
fa8c135df3525e7c504b7b8471eb4ffb02bbcb4cef2d2668c2621785aaf45c6cRed Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
47e04bdea922f45dbb611a67d0f33763ce878e42f56c0cde78a5dc761c2218f2Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.
d918adbd8e8a933420c61087ab85772332adaaf1a957177ead0deb868b6d1325Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.
b0c6203ca4497541242454515790d9cfda365dfb81c65448ab664a3e143985e1Apache HTTP Server version 2.2.22 has been released. It addresses a wide array of vulnerabilities ranging from denial of service to integer overflow issues.
85672817e23c25e72bd6c9922fb22ec525d83fee8b06bd7f90f95794e0e9561dMandriva Linux Security Advisory 2012-003 - Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a.htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of RewriteRule and ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an \@ character and a : character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. The updated packages have been patched to correct these issues.
c67cf79a3c62b81057754ad363ae14900efdb1f1fcbad2d4c3fd00086a37d2b6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed