CVE-2015-0228 – httpd: Possible mod_lua crash due to websocket bug
https://notcve.org/view.php?id=CVE-2015-0228
The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function. La función lua_websocket_read en lua_request.c en el módulo mod_lua en Apache HTTP Server hasta 2.4.12 permite a atacantes remotos causar una denegación de servicio (caída del proceso hijo) mediante el envío de un Frame WebSocket Ping manipulado después de que una secuencia de comandos Lua haya llamado a la función wsupgrade. A denial of service flaw was found in the way the mod_lua httpd module processed certain WebSocket Ping requests. A remote attacker could send a specially crafted WebSocket Ping packet that would cause the httpd child process to crash. • http://advisories.mageia.org/MGASA-2015-0099.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork • CWE-20: Improper Input Validation •
CVE-2007-6750
https://notcve.org/view.php?id=CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15. El servidor HTTP Apache 1.x y 2.x permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP parcial, tal como se ha demostrado por Slowloris, relacionado con la falta del módulo mod_reqtimeout en versiones anteriores a 2.2.15. • http://archives.neohapsis.com/archives/bugtraq/2007-01/0229.html http://ha.ckers.org/slowloris http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://www.securityfocus.com/bid/21865 http://www.securitytracker.com/id/1038144 https://exchange.xforce.ibmcloud.com/vulnerabilities/72345 https://h20566.www2.hpe.com/portal/site/hpsc/public/ • CWE-399: Resource Management Errors •
CVE-2011-1360
https://notcve.org/view.php?id=CVE-2011-1360
Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2) htdocs/*/manual/ibm/. vulnerabilidad múltiple en cross-site scripting (XSS) en IBM HTTP Server v2.0.47 y anteriores, se utiliza en WebSphere Application Server y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados que involucran archivos de documentación en (1) manual/ibm/ y (2) htdocs/*/manual/ibm/. • http://www-01.ibm.com/support/docview.wss?uid=swg21502580 http://www.ibm.com/support/docview.wss?uid=swg1PM41293 http://www.securityfocus.com/bid/50447 https://exchange.xforce.ibmcloud.com/vulnerabilities/69656 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0010
https://notcve.org/view.php?id=CVE-2010-0010
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función ap_proxy_send_fb en proxy/proxy_util.c en mod_proxy en el servidor HTTP Apache anterior a v1.3.42 en plataformas de 64 bits permite a los servidores de origen remoto provocar una denegación de servicio (cuelgue del demonio) o posiblemente ejecutar código arbitrario a través de un fragmento de gran tamaño que provoca un desbordamiento de búfer basado en memoria dinámica. • http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0589.html http://blog.pi3.com.pl/?p=69 http://httpd.apache.org/dev/dist/CHANGES_1.3.42 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://packetstormsecurity.org/1001-exploits/modproxy-overflow.txt http://secunia.com/advisories/38319 http://secunia.com/advisories/39656 http://site.pi3.com.pl/adv/mod_proxy.txt http://www.sec • CWE-189: Numeric Errors •
CVE-2009-3555 – Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass
https://notcve.org/view.php?id=CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. El protocolo TLS y el protocolo SSL v3.0 y posiblemente versiones anteriores, tal y como se usa en Microsoft Internet Information Services (IIS) v7.0, mod_ssl en el servidor HTTP Apache v2.2.14 y anteriores, OpenSSL antes de v0.9.8l, GnuTLS v2.8.5 y anteriores, Mozilla Network Security Services (NSS) v3.12.4 y anteriores, y otros productos, no asocia apropiadamente la renegociación del Handshake SSL en una conexión existente, lo que permite ataques man-in-the-middle en los que el atacante inserta datos en sesiones HTTPS, y posiblemente otro tipo de sesiones protegidas por SSL o TLS, enviando una petición de autenticación que es procesada retroactivamente por un servidor en un contexto post-renegociación. Se trata de un ataque de "inyección de texto plano", también conocido como el problema del "Proyecto Mogul". • https://www.exploit-db.com/exploits/10071 https://www.exploit-db.com/exploits/10579 http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html http://blogs.iss.net/archive/sslmitmiscsrf.html http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during http://clicky.me/tlsvuln http://extendedsubset.com/?p=8 http://extendedsubset.com/Renegotiating_TLS.pdf http://h20000.www2.hp.com/bizsuppo • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •