VYPR

rpm package

opensuse/apache2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweed

Vulnerabilities (136)

  • CVE-2008-2364Jun 13, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a la

  • CVE-2008-0005Jan 12, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

  • CVE-2007-6420Jan 12, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.

  • CVE-2007-6421Jan 8, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

  • CVE-2007-6422Jan 8, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.

  • CVE-2007-6388Jan 8, 2008
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-5000Dec 13, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTM

  • CVE-2007-4465MedSep 14, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it co

  • CVE-2007-3847Aug 23, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

  • CVE-2007-1863Jun 27, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age

  • CVE-2006-5752Jun 27, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involvin

  • CVE-2007-3304Jun 20, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 ki

  • CVE-2007-1862Jun 4, 2007
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

  • CVE-2006-3747Jul 28, 2006
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execu

  • CVE-2005-3357Dec 31, 2005
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.

  • CVE-2005-3352Dec 13, 2005
    affected < 2.4.49-1.1fixed 2.4.49-1.1

    Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Page 7 of 7