Page 21 of 317 results (0.015 seconds)

CVSS: 5.0EPSS: 0%CPEs: 46EXPL: 0

CVE-2015-3184 – subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4

https://notcve.org/view.php?id=CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a través del nombre de la ruta. It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3184-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76274 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https://security.gentoo.org/glsa/201610-05 https://support • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0

CVE-2015-0253 – httpd: NULL pointer dereference crash with ErrorDocument 400 pointing to a local URL-path

https://notcve.org/view.php?id=CVE-2015-0253

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. La función read_request_line en server/protocol.c del Servidor HTTP Apache en su versión 2.4.12 no inicializa el protocolo de estructura de miembro, lo que permite a atacantes remotos causar una denegación de servicio mediante la referencia a un puntero NULO y la caída procesos a través del envío de una solicitud que carece de un método para una instalación que habilita el filtro INCLUDE y tiene una directiva ErrorDocument 400 especificando un URI local. A NULL pointer dereference flaw was found in the way httpd generated certain error responses. A remote attacker could possibly use this flaw to crash the httpd child process using a request that triggers a certain HTTP error. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://www.apache.org/dist/httpd/CHANGES_2.4 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html http://www.securityfocus.com/bid/75964 • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 6%CPEs: 2EXPL: 0

CVE-2015-3183 – httpd: HTTP request smuggling attack against chunked request parser

https://notcve.org/view.php?id=CVE-2015-3183

The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c. Vulnerabilidad en la implementación de la codificación de transferencia fragmentada en el Servidor HTTP Apache en versiones anteriores a la 2.4.14 no analiza adecuadamente los fragmentos de las cabeceras lo cual permite a atacantes remotos efectuar ataques de infiltración de solicitudes HTTP a través de peticiones manipuladas, relacionada con el mal manejo de los valores fragmentados de gran tamaño y extensiones fragmentadas no válidas en modules/http/http_filters.c. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. • http://httpd.apache.org/security/vulnerabilities_24.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://rhn.redhat.com/errata/RHSA-2015-1666.html http://rhn.redhat.com/errata/RHSA-2015-1667.html http&# • CWE-17: DEPRECATED: Code CWE-20: Improper Input Validation CWE-172: Encoding Error •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4

https://notcve.org/view.php?id=CVE-2015-3185

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en su versión 2.4.x anteriores a la 2.4.14 no considera que una directiva Require puede estar asociada con el establecimiento de una autorización en lugar de un ajuste de autenticación lo cual permite a atacantes remotos evadir las restricciones destinadas al acceso en circunstancias oportunas mediante el aprovechamiento de la presencia de un módulo que se basa en el comportamiento en la API 2.2. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://rhn.redhat.com/errata/RHSA-2015-1667.html http://rhn.redhat.com/errata/RHSA-2016-2957.htm • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 0

CVE-2015-0228 – httpd: Possible mod_lua crash due to websocket bug

https://notcve.org/view.php?id=CVE-2015-0228

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. La función lua_websocket_read en lua_request.c en el módulo mod_lua en Apache HTTP Server hasta 2.4.12 permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) mediante el envío de un Frame WebSocket Ping manipulado después de que una secuencia de comandos Lua haya llamado a la función wsupgrade. A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. • http://advisories.mageia.org/MGASA-2015-0099.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork&#x • CWE-20: Improper Input Validation •