CVE-2015-0253 – httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path
https://notcve.org/view.php?id=CVE-2015-0253
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. La función read_request_line en server/protocol.c del Servidor HTTP Apache en su versión 2.4.12 no inicializa el protocolo de estructura de miembro, lo que permite a atacantes remotos causar una denegación de servicio mediante la referencia a un puntero NULO y la caída procesos a través del envío de una solicitud que carece de un método para una instalación que habilita el filtro INCLUDE y tiene una directiva ErrorDocument 400 especificando un URI local. A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://www.apache.org/dist/httpd/CHANGES_2.4 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75964 • CWE-476: NULL Pointer Dereference •
CVE-2015-0228 – httpd: Possible mod_lua crash due to websocket bug
https://notcve.org/view.php?id=CVE-2015-0228
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. La función lua_websocket_read en lua_request.c en el módulo mod_lua en Apache HTTP Server hasta 2.4.12 permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) mediante el envío de un Frame WebSocket Ping manipulado después de que una secuencia de comandos Lua haya llamado a la función wsupgrade. A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. • http://advisories.mageia.org/MGASA-2015-0099.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork • CWE-20: Improper Input Validation •
CVE-2014-8109
https://notcve.org/view.php?id=CVE-2014-8109
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. El módulo mod_lua.c en el módulo mod_lua en Apache HTTP Server 2.3.x y 2.4.x a través de 2.4.10 no soporta la configuración httpd en la cual el proveedor de autorización Lua se usa con argumentos diferentes dentro de contextos diferentes, lo que permite a atacantes remotos saltarse las restricciones de acceso en ciertas circunstancias aprovechando múltiples directivas requeridas, como se demuestra por una configuración que especifica la autorización para un grupo para acceder a un directorio determinado, y una autorización para un segundo grupo para acceder a un segundo directorio. • http://advisories.mageia.org/MGASA-2015-0011.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159352.html http://www.openwall.com/lists/oss-security/2014/11/28/5 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/73040 http://www.ubuntu.com/usn/USN-2523-1 https • CWE-863: Incorrect Authorization •
CVE-2014-3583 – httpd: mod_proxy_fcgi handle_headers() buffer over read
https://notcve.org/view.php?id=CVE-2014-3583
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. La función handle_headers en mod_proxy_fcgi.c en el módulo mod_proxy_fcgi en Apache HTTP Server 2.4.10 permite a servidores remotoos FastCGI causar una denegación de servicio (sobre lectura de buffer y caída del demonio) a través de cabeceras de respuesta largas. A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1855.html http://svn.apache.org/viewvc?view=revision&revision=1638818 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securityfocus.com/bid/71657 http://www.ubuntu.com/usn/USN-2523-1 https://access.redhat.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2014-3581 – httpd: NULL pointer dereference in mod_cache if Content-Type has empty value
https://notcve.org/view.php?id=CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. La función cache_merge_headers_out en modules/cache/cache_util.c en el módulo mod_cache en el servidor Apache HTTP anterior a 2.4.11 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de una cabecera HTTP Content-Type vacía. A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0325.html http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749 http://svn.apache.org/viewvc?view=revision&revision=1624234 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htm • CWE-476: NULL Pointer Dereference •