4 results (0.023 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. Existe una vulnerabilidad de Bypass de seguridad en el Proxy FcgidPassHeader en mod_fcgid hasta el 2016-07-07. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00084.html http://www.openwall.com/lists/oss-security/2016/07/18/6 http://www.securityfocus.com/bid/91822 https://www.tenable.com/security/tns-2017-04 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors. Vulnerabilidad de desbordamiento de buffer (heap) en la función fcgid_header_bucket_read de fcgd_bucket.c en el modulo mod_fcgid anterior a 2.3.9 para Apache HTTP Server permite a atacantes remotos tener unimpacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00024.html http://secunia.com/advisories/55197 http://svn.apache.org/viewvc?view=revision&revision=1527362 http://www.debian.org/security/2013/dsa-2778 http://www.mail-archive.com/dev%40httpd.apache.org/msg58077.html http://www. • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit. fcgid_spawn_ctl.c en el módulo de mod_fcgid v2.3.6 para el Servidor Apache HTTP no reconoce la directiva FcgidMaxProcessesPerClass para un host virtual, lo que hace que sea más fácil para los atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una serie de peticiones HTTP que desencadena un proceso de contar superior al límite previsto. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814 http://www.debian.org/security/2012/dsa-2436 http://www.openwall.com/lists/oss-security/2012/03/15/10 http://www.openwall.com/lists/oss-security/2012/03/16/2 http://www.securityfocus.com/bid/52565 https://exchange.xforce.ibmcloud.com/vulnerabilities/74181 https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash. La función apr_status_t fcgid_header_bucket_read en fcgid_bucket.c en Apache mod_fcgid anterior a v2.3.6 no utiliza punteros aritméticos bytewise en ciertas ciscunstancias, lo que provoca un impacto desconocido y vectores de ataque relacionados con "untrusted FastCGI applications" y un "stack buffer overwrite". • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050930.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050932.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050976.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html http://osvdb.org/69275 http://secunia.com/advisories/42288 http://secunia.com/advisories/42302 http://sec • CWE-121: Stack-based Buffer Overflow CWE-189: Numeric Errors •