CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-8109
https://notcve.org/view.php?id=CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. El módulo mod_lua.c en el módulo mod_lua en Apache HTTP Server 2.3.x y 2.4.x a través de 2.4.10 no soporta la configuración httpd en la cual el proveedor de autorización Lua se usa con argumentos diferentes dentro de contextos diferentes, lo que permite a atacantes remotos saltarse las restricciones de acceso en ciertas circunstancias aprovechando múltiples directivas requeridas, como se demuestra por una configuración que especifica la autorización para un grupo para acceder a un directorio determinado, y una autorización para un segundo grupo para acceder a un segundo directorio. • http://advisories.mageia.org/MGASA-2015-0011.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html http://www.openwall.com/lists/oss-security/2014/11/28/5 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/73040 http://www.ubuntu.com/usn/USN-2523-1 https • CWE-863: Incorrect Authorization •
CVSS: 5.0EPSS: 1%CPEs: 12EXPL: 0CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1855.html http://svn.apache.org/viewvc?view=revision&revision=1638818 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/71657 http://www.ubuntu.com/usn/USN-2523-1 https://access.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 7%CPEs: 31EXPL: 0CVE-2014-3581 – httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
https://notcve.org/view.php?id=CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. La función cache_merge_headers_out en modules/cache/cache_util.c en el módulo mod_cache en el servidor Apache HTTP anterior a 2.4.11 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de una cabecera HTTP Content-Type vacía. A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749 http://svn.apache.org/viewvc?view=revision&revision=1624234 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htm • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 95%CPEs: 18EXPL: 4CVE-2014-0226 – Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Condición de carrera en el módulo mod_status en Apache HTTP Server anterior a 2.4.10 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica), o posiblemente obtener información sensible de credenciales o ejecutar código arbitrario, a través de una solicitud manipulada que provoca el manejo indebido de la tabla de clasificación (scoreboard) dentro de la función status_handler en modules/generators/mod_status.c y la función lua_ap_scoreboard_worker en modules/lua/lua_request.c. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. • https://www.exploit-db.com/exploits/34133 https://github.com/shreesh1/CVE-2014-0226-poc http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http&# • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.0EPSS: 46%CPEs: 76EXPL: 1CVE-2013-5704 – httpd: bypass of mod_headers rules via chunked requests
https://notcve.org/view.php?id=CVE-2013-5704
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such." El módulo mod_headers en el servidor de Apache HTTP 2.2.22 permite a atacantes remotos evadir directivas "RequestHeader unset" mediante la colocación de una cabera en la porción "trailer" de datos enviados con codificación de transferencia fragmentada. NOTA: el proveedor afirma que "esto no es un problema de seguridad en httpd como tal." A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2 http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://martin.swende.se/blog/HTTPChunked.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://rhn.redhat.com/errata/RHSA-2015-1249.html http://rhn.redhat& • CWE-287: Improper Authentication •