VYPR

rpm package

opensuse/apache2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweed

Vulnerabilities (136)

  • CVE-2010-2068Jun 18, 2010
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a pote

  • CVE-2010-0434Mar 5, 2010
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attacke

  • CVE-2010-0425Mar 5, 2010
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allo

  • CVE-2010-0408Mar 5, 2010
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outa

  • CVE-2009-3560Dec 4, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, re

  • CVE-2009-3555CriNov 9, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and

  • CVE-2009-3720Nov 3, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger

  • CVE-2009-2699HigOct 13, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denia

  • CVE-2009-3095Sep 8, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain mod

  • CVE-2009-3094Sep 8, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV comman

  • CVE-2009-2412Aug 6, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger craft

  • CVE-2009-1891Jul 10, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).

  • CVE-2009-1890Jul 5, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause

  • CVE-2009-1956Jun 8, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.

  • CVE-2009-1955HigJun 8, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document contain

  • CVE-2009-0023Jun 8, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in

  • CVE-2009-1195May 28, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htac

  • CVE-2009-1191Apr 23, 2009
    affected < 2.4.23-4.1fixed 2.4.23-4.1

    mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

  • CVE-2008-2939Aug 6, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcar

  • CVE-2008-1678Jul 10, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Serv

Page 6 of 7