Showing 1 - 3 of 3

CVE-2015-0253

Status Candidate

Overview

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Related Files

Apple Security Advisory 2015-09-16-4: Posted Sep 19, 2015; Authored by Apple | Site apple.com; Apple Security Advisory 2015-09-16-4 - OS X Server 5.0.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.; tags | advisory, denial of service, vulnerability, code execution; systems | apple, osx; advisories | CVE-2013-5704, CVE-2014-0067, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2014-8161, CVE-2014-8500, CVE-2015-0228, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244, CVE-2015-0253, CVE-2015-1349, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167, CVE-2015-3183, CVE-2015-3185, CVE-2015-5911; SHA-256 | 8254c8d55f2667e65687c75dc0e4ebbbd127b907729adba11b4a141d12fc30b2; Download | Favorite | View

Red Hat Security Advisory 2015-1666-01: Posted Aug 24, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-1666-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied.; tags | advisory, remote, web; systems | linux, redhat; advisories | CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185; SHA-256 | 0f0af590cf4c621e7c0a3e37a8fe52a41b798cb1d1718c319834d751b885ed27; Download | Favorite | View

Slackware Security Advisory - httpd Updates: Posted Jul 20, 2015; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185; SHA-256 | 36799e7bd8fbb814ff99012997a8e5d129d9c75f98b4f4fa759d4b8c20dff96f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2015-0253

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems