HP Security Bulletin HPSBUX02612 SSRT100345 - Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). Revision 1 of this advisory.
b1f190998016e144317781b119e85f9b8dd0c136204c8fe53bffb4d260a8e398Mandriva Linux Security Advisory 2009-323 - Multiple vulnerabilities has been found and corrected in apache. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
e56a54d6bdc82b29375d1213af66206fb4ca08275ca3ccd4eb0ad21e18bffd71Debian Security Advisory 1834-2 - The previous update caused a regression for apache2 in Debian 4.0 "etch". Using mod_deflate together with mod_php could cause segfaults when a client aborts a connection. This update corrects this flaw. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch". A denial of service flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed. This would cause mod_deflate to consume large amounts of CPU if mod_deflate was enabled for a large file. A similar flaw related to HEAD requests for compressed content was also fixed.
2bb04b990a52bd709d6c38bea3fd00f71adef9c7a03e217b9679cec6bd703f6dMandriva Linux Security Advisory 2009-168 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. This update provides fixes for these vulnerabilities.
51af7fbbcf69f4c39daf6a87f28edbccbdb261cd9fcbdb694531c6f7bf7e57f2Debian Security Advisory 1834 - A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. This issue did not affect Debian 4.0 "etch".
394bd714165a039d9f2115b6f7eefc7d36507ac113647e9ee3d8eace6c4beaf8Ubuntu Security Notice USN-802-1 - It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.
25501b4d25ab339dc83e00431f8456774abbafa2cdfb4b9a42421a7af1c61253Gentoo Linux Security Advisory GLSA 200907-04 - Multiple vulnerabilities in the Apache HTTP daemon allow for local privilege escalation, information disclosure or Denial of Service attacks. Versions less than 2.2.11-r2 are affected.
abcbba587113454fb3691d9b0cc0ef52089b05b2cb5706de46212acbee55d87aMandriva Linux Security Advisory 2009-149 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. Fixed a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. This update provides fixes for these vulnerabilities.
c6bfbf6ae9b456b47c4d752222f01574101f35126c28e68a785e4b7b9f9da0e4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed