[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2017:2478 -- centos 6 httpd

ID: oval:org.secpod.oval:def:204546Date: (C)2017-08-18   (M)2024-02-19
Class: PATCHFamily: unix




The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server. * It was discovered that the use of httpd"s ap_get_basic_auth_pw API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. * A NULL pointer dereference flaw was found in the httpd"s mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. * A buffer over-read flaw was found in the httpd"s mod_mime module. A user permitted to modify httpd"s MIME configuration could use this flaw to cause httpd child process to crash

Platform:
CentOS 6
Product:
httpd
Reference:
CESA-2017:2478
CVE-2017-3167
CVE-2017-3169
CVE-2017-7679
CVE-2017-9788
CVE    4
CVE-2017-3167
CVE-2017-3169
CVE-2017-9788
CVE-2017-7679
...
CPE    33
cpe:/a:apache:http_server:2.2.26
cpe:/a:apache:http_server:2.2.27
cpe:/a:apache:http_server:2.2.24
cpe:/a:apache:http_server:2.2.25
...

© SecPod Technologies