CVE-2014-8109
https://notcve.org/view.php?id=CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. El módulo mod_lua.c en el módulo mod_lua en Apache HTTP Server 2.3.x y 2.4.x a través de 2.4.10 no soporta la configuración httpd en la cual el proveedor de autorización Lua se usa con argumentos diferentes dentro de contextos diferentes, lo que permite a atacantes remotos saltarse las restricciones de acceso en ciertas circunstancias aprovechando múltiples directivas requeridas, como se demuestra por una configuración que especifica la autorización para un grupo para acceder a un directorio determinado, y una autorización para un segundo grupo para acceder a un segundo directorio. • http://advisories.mageia.org/MGASA-2015-0011.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html http://www.openwall.com/lists/oss-security/2014/11/28/5 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/73040 http://www.ubuntu.com/usn/USN-2523-1 https • CWE-863: Incorrect Authorization •
CVE-2014-3581 – httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
https://notcve.org/view.php?id=CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. La función cache_merge_headers_out en modules/cache/cache_util.c en el módulo mod_cache en el servidor Apache HTTP anterior a 2.4.11 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de una cabecera HTTP Content-Type vacía. A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749 http://svn.apache.org/viewvc?view=revision&revision=1624234 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htm • CWE-476: NULL Pointer Dereference •
CVE-2013-4352 – httpd: mod_cache NULL pointer dereference crash
https://notcve.org/view.php?id=CVE-2013-4352
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. La función cache_invalidate en modules/cache/cache_storage.c en el módulo mod_cache en Apache HTTP Server 2.4.6, cuando un proxy del cacheo de reenvíos está habilitado, permite a servidores HTTP remotos causar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de vectores que provocan un valor de nombre de anfitrión ausente. A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching. • http://httpd.apache.org/security/vulnerabilities_24.html http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c?r1=1491564&r2=1523235&diff_format=h https://bugzilla.redhat.com/show_bug.cgi?id=1120604 https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd& • CWE-476: NULL Pointer Dereference •
CVE-2014-0231 – httpd: mod_cgid denial of service
https://notcve.org/view.php?id=CVE-2014-0231
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor. El módulo mod_cgid en Apache HTTP Server anterior a 2.4.10 no tiene un mecanismo de timeout, lo que permite a atacantes remotos causar una denegación de servicio (cuelgue del proceso) a través de una solicitud en una secuencia de comandos CGI que no lee desde su descriptor de ficheros stdin. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely. • http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://packetstormsecurity.com/files/130769/ • CWE-399: Resource Management Errors •
CVE-2014-0118 – httpd: mod_deflate denial of service
https://notcve.org/view.php?id=CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. La función deflate_in_filter en mod_deflate.c en el módulo mod_deflate en Apache HTTP Server anterior a 2.4.10, cuando la descompresión del cuerpo de una solicitud está habilitada, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de datos de solicitudes manipulados que descomprime a un tamaño mucho más grande. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the "DEFLATE" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. • http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://rhn.redhat.com/errata/RHSA-2014 • CWE-400: Uncontrolled Resource Consumption •