![]() The error exists with the "mod_deflate" filter module. * A design error vulnerabilty has been identified in Apache HTTP Server. Title :Apache HTTPD: mod_deflate denial of service (CVE-2014-0118)ĭescription:Remote exploitation of a design error vulnerability in multiple versions of the Apache Software Foundation's HTTP Server could allow attackers to create a denial of service (DoS) condition on the targeted host. Vulnerable version:HTTP Server versions prior to 2.2.25 and 2.4.6 are vulnerable. Specifically, the vulnerable module may segmentation fault while processing a MERGE request with a source href pointing to a URI not configured for the DAV. * An input validation error vulnerability exists in the mod_dav module available for the HTTP Server. Title :Apache HTTPD: mod_dav crash (CVE-2013-1896)ĭescription:Remote exploitation of an input validation error vulnerability in versions prior to 2.2.25 of the Apache Software Foundation's HTTP Server could allow attackers to create a denial of service (DoS) condition on the targeted host. Vulnerable version:httpd versions 2.2.20 and prior are vulnerable Specifically, mod_proxy_ajp fails to return "HTTP_NOT_IMPLEMENTED" for a bad request method ("status" resulting in "AJP_EBAD_METHOD"). The module is designed to forward http requests to a Tomcat application server using the AJP protocol. * An unspecified vulnerability exists in the mod_proxy_ajp module as made available in httpd. Title :Apache HTTPD: mod_proxy_ajp remote DoS (CVE-2011-3348)ĭescription:Remote exploitation of an unspecified vulnerability in versions 2.2.20 and prior of The Apache Software Foundation's httpd could allow attackers to conduct unspecified attacks on the targeted host. Vulnerable version:apache:Apache Software Foundation Apache HTTP Server 2.2.18 * The APR library contains a recursion flaw when processing patterns containing "*" Title :Apache HTTPD: apr_fnmatch flaw leads to mod_autoindex remote DoS (CVE-2011-0419)ĭescription:Remote exploitation of a design error vulnerability in the Apache Software Foundation's Apache Portable Runtime (APR) library, as provided in various operating system distributions, could allow attackers to cause a denial of service (DoS) on a targeted host. Vulnerable version:AApache Software Foundation: Apache 2.2.16 and prior, Apache 2.0.63 and prior * The vulnerability exists in the apr_brigade_split_line() function. ![]() Title :Apache HTTPD: apr_bridage_split_line DoSĭescription:Remote exploitation of an unspecified vulnerability in the Apache Software Foundation's APR-util could allow attackers to cause a denial of service (DoS) on a targeted system. Vulnerable version:Apache Software Foundation's Apache versions 2.0.63 and 2.2.15 are vulnerable. * An undisclosed vulnerability exists in Apache mod_cache and mod_dav, which could allow an attacker to cause a DoS condition. Title :Apache HTTP Server 2.2.15 mod_cache and mod_dav Undisclosed DoS VulnerabilityApache HTTP Server 2.2.15 mod_cache and mod_dav Undisclosed DoS Vulnerabilityĭescription:Remote exploitation of an undisclosed vulnerability in Apache Software Foundation's Apache version 2.2.15 could allow an attacker to cause a denial of service (DoS) condition. Vulnerable Version : Apache Software Foundation: Apache Portable Runtime version prior to 0.9.19 and APR Utility versions prior to 0.9.19, Apache 2.2.16 and prior, Apache 2.0.63 and prior Title :Multiple Vendor Expat "big2_toUtf8" Buffer Over-Read DoS Vulnerabilityĭescription:Remote exploitation of a design error vulnerability in Expat, as included in various vendors' operating system distributions, could allow attackers to create a denial of service (DoS) condition on the targeted host. Will the JSS supports the latest Apache build? When I upgraded my JSS to 9.93, Our Security team hit me up indicating the following Vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |