exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2011-1176

Status Candidate

Overview

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Related Files

Ubuntu Security Notice USN-1259-1
Posted Nov 11, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2011-1176, CVE-2011-3348, CVE-2011-3368
SHA-256 | 7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0
Mandriva Linux Security Advisory 2011-057
Posted Mar 31, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-057 - The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

tags | advisory, remote, web, root
systems | linux, mandriva
advisories | CVE-2011-1176
SHA-256 | 22de56c09b08a58a738c13069e87c04573002b0b52ea84aadd8e486e46b65fee
Debian Security Advisory 2202-1
Posted Mar 24, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2202-1 - MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that is included in Debian's apache2 package.

tags | advisory
systems | linux, debian
advisories | CVE-2011-1176
SHA-256 | b928a735f521bacebfb2c8190a7619edeff9aeca300224b2d84504d193d6561b
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close