HP Security Bulletin HPSBUX02893 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform Cross Site Scripting (XSS). Revision 1 of this advisory.
a026ac31493a39f6f261c4aec7d39803b709c1fe4c6b7c6d2240611c6fa91a58HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.
d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087Ubuntu Security Notice 1765-1 - Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that the mod_proxy_ajp module incorrectly handled error states. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. Various other issues were also addressed.
9767c3ba93f72fe50577dcb192dc592f8756c27311ba9608eac93daa121f26e9Red Hat Security Advisory 2013-0512-02 - The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting the site. It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP CPing request was responded to by the back-end. A remote attacker able to make a back-end use an excessive amount of time to process a request could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
f8cfe39b362ad6d9a254f54f9420f1cf47a5d594adaddff4dc75cf932ed837ffDebian Linux Security Advisory 2579-1 - A vulnerability has been found in the Apache HTTPD Server.
75cc0f2d9d8dabf15819407aef98d97059d1c26d0754a1dead1d43130c26538d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed