HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
0c88cd43198ceaaa105ad00fd4c4738c239da351f3bb32f882c51ff2df83961b
Mandriva Linux Security Update Advisory - A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service.
d8ac7a09a10fda0bcf0e418be47a3e0e0888e664ca28011b661fb6856ae40716
Debian Security Advisory DSA 805-1 - Several problems have been discovered in Apache2, the next generation, scalable, extendible web server. The Common Vulnerabilities and Exposures project identifies the following problems:
76ee9e0a891c5fe605b17c1465e881628ca40b4b293425b87ac49a639a55e4c0
Ubuntu Security Notice USN-177-1 - apache2, libapache-mod-ssl vulnerabilities - Apache did not honour the "SSLVerifyClient require" directive within a block if the surrounding block contained a directive "SSLVerifyClient optional". This allowed clients to bypass client certificate validation on servers with the above configuration. Also, Filip Sneppe discovered a Denial of Service vulnerability in the byte range filter handler. By requesting certain large byte ranges, a remote attacker could cause memory exhaustion in the server.
f63bd9e3e650b2f1d6cbf6e4bceff6b9f82ee6c95a22dc5b50cef9f0bab677b0