Arch LinuxASA-201507-15

HistoryJul 17, 2015 - 12:00 a.m.

Vulners
/
Archlinux
/
apache: multiple issues

apache: multiple issues

2015-07-1700:00:00

Arch Linux

lists.archlinux.org

0.062 Low

EPSS

Percentile

93.6%

JSON

CVE-2015-0228 (denial of service):

mod_lua: A maliciously crafted websockets PING after a script calls
r:wsupgrade() can cause a child process crash.

CVE-2015-0253 (denial of service):

Fix a crash with ErrorDocument 400 pointing to a local URL-path with the
INCLUDES filter active, introduced in 2.4.11. PR 57531.

CVE-2015-3183 (denial of service):

core: Fix chunk header parsing defect. Remove apr_brigade_flatten(),
buffering and duplicated code from the HTTP_IN filter, parse chunks in a
single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be
strict about chunk-ext authorized characters.

CVE-2015-3185 (authentication bypass):

Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with
new ap_some_authn_required and ap_force_authn hook.

OSVersionArchitecturePackageVersionFilename
anyanyanyapache< 2.4.16-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	apache	< 2.4.16-1	UNKNOWN

References

www.apache.org/dist/httpd/CHANGES_2.4.16

access.redhat.com/security/cve/CVE-2015-0228

access.redhat.com/security/cve/CVE-2015-0253

access.redhat.com/security/cve/CVE-2015-3183

access.redhat.com/security/cve/CVE-2015-3185

bz.apache.org/bugzilla/show_bug.cgi?id=57531

nessus 47

oraclelinux 3

openvas 28

kaspersky 1

redhat 12

slackware 1

veracode 4

fedora 2

freebsd 2

securityvulns 6

amazon 2

ibm 35

centos 2

osv 3

ubuntu 2

debian 6

mageia 2

ubuntucve 5

nvd 4

cvelist 4

debiancve 4

cve 4

f5 8

prion 4

httpd 5

hackerone 2

gentoo 1

nessus

Apache 2.4.x < 2.4.16 Multiple Vulnerabilities

2019-01-09 00:00:00

Apache 2.4.x < 2.4.16 Multiple Vulnerabilities

2015-07-23 00:00:00

Slackware 14.0 / 14.1 / current : httpd (SSA:2015-198-01)

2015-07-20 00:00:00

oraclelinux

httpd24-httpd security update

2016-02-04 00:00:00

httpd security update

2015-08-24 00:00:00

httpd security update

2015-08-24 00:00:00

openvas

Oracle: Security Advisory (ELSA-2015-1666)

2016-02-05 00:00:00

Fedora Update for httpd FEDORA-2015-11689

2015-07-22 00:00:00

Amazon Linux: Security Advisory (ALAS-2015-579)

2015-09-08 00:00:00

kaspersky

KLA10640 Multiple vulnerabilities in Apache HTTP Server

2015-07-21 00:00:00

redhat

(RHSA-2015:1666) Moderate: httpd24-httpd security update

2015-08-24 00:00:00

(RHSA-2015:1667) Moderate: httpd security update

2015-08-24 00:00:00

(RHSA-2015:1668) Moderate: httpd security update

2015-08-24 00:00:00

slackware

[slackware-security] httpd

2015-07-17 20:25:06

veracode

Denial Of Service (DoS)

2019-05-02 05:18:03

Denial Of Service (DoS)

2019-01-15 09:07:16

Access Restriction Bypass

2019-01-15 09:19:28

fedora

[SECURITY] Fedora 22 Update: httpd-2.4.16-1.fc22

2015-07-21 08:12:37

[SECURITY] Fedora 21 Update: httpd-2.4.16-1.fc21

2015-07-30 00:52:03

freebsd

apache24 -- multiple vulnerabilities

2015-02-04 00:00:00

apache22 -- chunk header parsing defect

2015-06-24 00:00:00

securityvulns

[slackware-security] httpd (SSA:2015-198-01)

2015-07-20 00:00:00

Apache security vulnerabilities

2015-07-20 00:00:00

[USN-2523-1] Apache HTTP Server vulnerabilities

2015-03-15 00:00:00

amazon

Medium: httpd24

2015-08-17 12:27:00

Medium: httpd

2015-08-17 12:23:00

ibm

Security Bulletin: Vulnerabilities in the Apache HTTP Server affect PowerKVM (CVE-2015-3183,CVE-2015-3185)

2018-06-18 01:32:18

Security Bulletin: A HTTP server vulnerability affects IBM Security Access Manager for Web (CVE-2015-3183)

2018-06-16 21:39:01

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Business Modeler Publishing Server (CVE-2015-3183)

2018-06-15 07:03:38

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2015-08-25 16:08:42

httpd, mod_ssl security update

2015-08-24 18:23:20

osv

apache2 - security update

2015-08-01 00:00:00

apache2 - regression update

2015-08-01 00:00:00

apache2 - security update

2015-07-28 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2015-07-27 00:00:00

Apache HTTP Server vulnerabilities

2015-03-10 00:00:00

debian

[SECURITY] [DSA 3325-1] apache2 security update

2015-08-01 22:04:23

[SECURITY] [DSA 3325-1] apache2 security update

2015-08-01 22:04:23

[SECURITY] [DSA 3325-2] apache2 regression update

2015-08-18 11:39:08

mageia

Updated apache package fixes security vulnerabilities

2015-07-27 12:53:07

Updated apache packages fix CVE-2015-0228

2015-03-06 21:08:57

ubuntucve

CVE-2015-0253

2015-07-20 00:00:00

CVE-2015-0228

2015-02-16 00:00:00

CVE-2015-3185

2015-07-20 00:00:00

nvd

CVE-2015-0253

2015-07-20 23:59:00

CVE-2015-0228

2015-03-08 02:59:00

CVE-2015-3185

2015-07-20 23:59:03

cvelist

CVE-2015-0253

2015-07-20 23:00:00

CVE-2015-0228

2015-03-08 02:00:00

CVE-2015-3185

2015-07-20 23:00:00

debiancve

CVE-2015-0253

2015-07-20 23:59:00

CVE-2015-0228

2015-03-08 02:59:00

CVE-2015-3185

2015-07-20 23:59:03

cve

CVE-2015-0253

2015-07-20 23:59:00

CVE-2015-0228

2015-03-08 02:59:00

CVE-2015-3185

2015-07-20 23:59:03

SOL17317 - Apache HTTP server vulnerability CVE-2015-0253

2015-09-24 00:00:00

K17317 : Apache HTTP server vulnerability CVE-2015-0253

2015-09-24 00:00:00

SOL17157 - Apache HTTP server vulnerability CVE-2015-0228

2015-08-20 00:00:00

prion

Null pointer dereference

2015-07-20 23:59:00

Authorization

2015-07-20 23:59:00

Design/Logic Flaw

2015-07-20 23:59:00

httpd

Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling

2015-02-03 00:00:00

Apache Httpd < 2.4.16 : mod_lua: Crash in websockets PING handling

2015-01-28 00:00:00

Apache Httpd < 2.4.16 : ap_some_auth_required API unusable

2013-08-05 00:00:00

hackerone

Internet Bug Bounty: mod_lua: Crash in websockets PING handling

2015-01-28 00:00:00

Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects

2017-06-29 17:41:22

gentoo

Apache: Multiple vulnerabilities

2016-10-06 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

apache: multiple issues

References

Related