The byterange filter in the Apache HTTP Server 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, exploit called "Apache Killer".
0734a15f0aad55080228d326c0a457d79a25be07a59d2418157e4a484a6b1003HP Security Bulletin HPSBOV02822 SSRT100966 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
21c104d295b4ae2e63eb3ca4f8927d747e86151bd3754aa34134f75312b342b7Gentoo Linux Security Advisory 201206-25 - Multiple vulnerabilities were found in Apache HTTP Server. Versions less than 2.2.22-r1 are affected.
384b2487f5f9cd58a858736f481966a3ddea24b706867ab02a3f57c4c6800e0fHP Security Bulletin HPSBMU02776 SSRT100852 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access to data, unauthorized disclosure of information, and Denial of Service (DoS). Revision 1 of this advisory.
81bc660490835ba3e0d0c8bb863ac4728f1c3963fde22d565671ac239b46f148HP Security Bulletin HPSBMU02764 SSRT100827 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 2 of this advisory.
309e442bfe4de81d1da4a903beb9bb3ce130e05b0ec3c99ada2e50debacf94afHP Security Bulletin HPSBMU02766 SSRT100624 - A potential security vulnerability has been identified with HP Onboard Administrator (OA). The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
2e9ccfbbee1de3ca1818aa7517b75f495f859618c8c98560ebcdeea64acb9a42HP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.
ef4dc6d5c693e4d1488186aa6471a0d6ae5ab0b725cd9a055f4101f928dcf379This exploit triggers a denial of service condition in Apache versions 1.3.x, 2.0.64 and below and 2.2.19 and below.
96f85ac954acd76315cd343cae7ecaa3c0a1d9c8b822efa823ff495fa177695aThis is a reverse engineered version of the exploit by ev1lut10n that triggers a denial of service condition using a vulnerability in the Range header of Apache versions 1.3.x, 2.0.64 and below and 2.2.19 and below.
8924bead3b42a1c38477cea3b48584db4ab1b22693ae7553273e5f0bc044c0ffMandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fbHP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
7999f71fbcd8709c32f927c331d72a48a33196832c69bf214321a6a0024ddec9HP Security Bulletin HPSBUX02707 SSRT100626 2 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
2bc580cebeaede10bf326b7f8b67beb2822682b19ca788d5dc123a8023251ae1HP Security Bulletin HPSBUX02702 SSRT100606 5 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 5 of this advisory.
a34907b555a172f5345fd6f023fcaedbb9208697f80f7db3d6a74714556b4712Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
a70e4675d43ff217a15c5bd0fc1cb4a7f7389f9a4f764dc36f60527a83d3e971Red Hat Security Advisory 2011-1369-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
f9744937ca728dde6c061d9b423e536392bde93fd90da8b2c7901931451c0fc4HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
8c8491ffbdea51197735b916bafae7e01bedf7e73d74f78a14d32b3f74aa0016HP Security Bulletin HPSBUX02702 SSRT100606 4 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 4 of this advisory.
f84390edda2d8182da2df382e01d723deffb2e8beb3db4539121121bcbc2bcf0Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
4c4d52c5fd2a5c20616f3ebc71ce87be9cc1e7162d05e80b851e4a21b45fc3b8Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.
09a25924843b91f3f50dabe88e350b2457e7ea33b36285fc79174f374c87f60dMandriva Linux Security Advisory 2011-130 - The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. The updated packages have been patched to correct this issue.
5776fc8fda0accec1d7c57c764d6adb28925ae2490071ad0f2cce19d3ae5367bRed Hat Security Advisory 2011-1300-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
bbf257d16d4b33fe3a4b4620ca33a870becb160a5669a9ac0f80792b0132cf8dRed Hat Security Advisory 2011-1294-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
885c8c3c438c350bb0f165e6909adfe5a91dc78ba252740e6d9b5d1b28208edaHP Security Bulletin HPSBUX02702 SSRT100606 2 - Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
5d1c5a8b3181e25ea29570e76ce93e1bf7ddcce44664736210e2e52ed2f4d002Slackware Security Advisory - Not long ago, httpd package updates were issued to clamp down on a denial of service bug that's seen some action in the wild. New packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current.
1f1ce82ceb66b111afebe5f586855aa490986543c2728a348726ad7c10c880fcHP Security Bulletin HPSBUX02702 SSRT100606 - A potential security vulnerability has been identified with HP-UX Apache Web Server. These vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
56ce56453dcdcdf048753152dd2165359229dd31558d0c9f6b820c059512d8e0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed