Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.
e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984aHP Security Bulletin - A potential security vulnerability has been identified with Apache running on HP-UX where the vulnerability could be exploited remotely to bypass client-based certificate authentication and gain unauthorized access to certain web pages.
236ac9f717d5af9a85f8bb1175d7955ec053fed46743ec7fd8f31ab7e23f6953Gentoo Linux Security Advisory GLSA 200509-12 - mod_ssl contains a security issue when SSLVerifyClient optional is configured in the global virtual host configuration (CVE-2005-2700). Also, Apache's httpd includes a PCRE library, which makes it vulnerable to an integer overflow (CVE-2005-2491). Versions less than 2.8.24 are affected.
a3b8bf8a9ed588fcf293e0f39c75f16aebcec3ebad2d43c5b100569496f78336Debian Security Advisory DSA 807-1 - A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions.
64c4fd269f6db8701f4f4fe549738e4f401dac7d4390012b1519e374c2461b6cMandriva Linux Security Update Advisory - A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service.
d8ac7a09a10fda0bcf0e418be47a3e0e0888e664ca28011b661fb6856ae40716Debian Security Advisory DSA 805-1 - Several problems have been discovered in Apache2, the next generation, scalable, extendible web server. The Common Vulnerabilities and Exposures project identifies the following problems:
76ee9e0a891c5fe605b17c1465e881628ca40b4b293425b87ac49a639a55e4c0Ubuntu Security Notice USN-177-1 - apache2, libapache-mod-ssl vulnerabilities - Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. Also, Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.
f63bd9e3e650b2f1d6cbf6e4bceff6b9f82ee6c95a22dc5b50cef9f0bab677b0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed