ALT Linux Team

Package apache2 update in sisyphus on 2015-10-19

ALT-PU-2015-1890-1

Package apache2 updated to version 2.2.31-alt1 for branch sisyphus in task 151393.

Closed vulnerabilities

Published: 2014-07-20

BDU:2015-00396

Уязвимость программного обеспечения Apache HTTP Server, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
Published: 2014-07-22

BDU:2015-00398

Уязвимость программного обеспечения Apache HTTP Server, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2013-06-10
Modified: 2025-04-11

CVE-2013-1862

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.

Severity: MEDIUM (5.1) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2013-07-10
Modified: 2025-04-11

CVE-2013-1896

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2014-04-15
Modified: 2025-04-12

CVE-2013-5704

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2014-03-18
Modified: 2025-04-12

CVE-2013-6438

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-03-18
Modified: 2025-04-12

CVE-2014-0098

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2014-07-20
Modified: 2025-04-12

CVE-2014-0118

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2014-07-20
Modified: 2025-04-12

CVE-2014-0226

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top