Page 20 of 99 results (0.010 seconds)

CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 1

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." Apache httpd versiones 1.3.37, 2.0.59 y 2.2.4 con el módulo Prefork MPM, permite a los usuarios locales causar una denegación de servicio por la modificación de las matrices worker_score y process_score para hacer referencia a un ID de proceso arbitrario, al que se envía una señal SIGUSR1 desde el proceso maestro, también se conoce como "SIGUSR1 killer". • ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=186219 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245111 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.vmware.com/pipermail/security-announce/2009/000062.html& •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments. Apache httpd 2.0.59 y 2.2.4, con el módulo Prefork MPM, permite a usuarios locales provocar una denegación de servicio mediante ciertas secuencias de código ejecutadas en un proceso trabajador que (1) para el procesamiento de una petición matando todos los procesos trabajadores y previniendo la creación de reemplazos o (2) cuelga el sistema forzando al proceso maestro a crear un número arbitrario de procesos trabajadores. NOTA: esto podría ser una limitación inherente de diseño de Apache con respecto a procesos trabajadores en entornos host. • http://osvdb.org/37050 http://security.psnc.pl/files/apache_report.pdf http://securityreason.com/securityalert/2814 http://www.securityfocus.com/archive/1/469899/100/0/threaded http://www.securityfocus.com/archive/1/471832/100/0/threaded http://www.securityfocus.com/bid/24215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information. La función recall_headers en mod_mem_cache en Apache 2.2.4 no copia adecuadamente todos los niveles de la cabecera de los datos, lo cual puede provocar a Apache que las cabeceras HTTP contienen los datos previamente usados, que se podrían ser utilizados por los atacantes remotos para obtener información potencialmente sensible. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://httpd.apache.org/security/vulnerabilities_22.html http://issues.apache.org/bugzilla/show_bug.cgi?id=41551 http://osvdb.org/38641 http://people.apache.org/~covener/2.2.x-mod_memcache-poolmgmt.diff http://secunia.com/advisories/26273 http://secunia.com/advisories/26842 http://secunia.com/advisories/27563 http://security.gentoo.org/glsa/glsa-200711-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:127&# •

CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041898.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041899.html http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041742.html http://secunia.com/advisories/18621 http://secunia.com/advisories/19712 http://secunia.com/advisories/19859 http://securityreason.com/securityalert/402 http://securityreason.com/securityalert/403 http://securitytracker.com/id?1015544 http://securitytracker.com/id?10 •