Computer Security
[EN] securityvulns.ru no-pyccku


Apache security vulnerabilities
Published:20.07.2015
Source:
SecurityVulns ID:14598
Type:remote
Threat Level:
5/10
Description:DoS, few potential vulnerabilities.
Affected:APACHE : Apache 2.4
CVE:CVE-2015-3185 (The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.)
 CVE-2015-3183 (The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.)
 CVE-2015-0253 (The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.)
Original documentdocumentSLACKWARE, [slackware-security] httpd (SSA:2015-198-01) (20.07.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod