Gentoo FoundationGLSA-201504-03

HistoryApr 11, 2015 - 12:00 a.m.

Vulners
/
Gentoo
/
Apache: Multiple vulnerabilities

Apache: Multiple vulnerabilities

2015-04-1100:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.955

Percentile

99.4%

JSON

Background

Apache HTTP Server is one of the most popular web servers on the Internet.

Description

Multiple vulnerabilities have been discovered in Apache HTTP Server. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=www-servers/apache-2.2.29"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-servers/apache< 2.2.29UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	www-servers/apache	< 2.2.29	UNKNOWN

openvas 35

freebsd 2

hackerone 3

nessus 56

amazon 3

debian 4

veracode 5

mageia 2

centos 4

ibm 11

osv 3

redhat 12

oraclelinux 5

fedora 2

securityvulns 2

slackware 1

ubuntu 1

f5 3

suse 5

httpd 8

cvelist 4

prion 4

seebug 1

debiancve 4

nvd 4

cve 4

ubuntucve 4

zdi 1

packetstorm 1

checkpoint_advisories 3

zdt 1

exploitdb 1

openvas

Gentoo Security Advisory GLSA 201504-03

2015-09-29 00:00:00

Apache HTTP Server Multiple Vulnerabilities (Sep 2014) - Linux

2021-11-01 00:00:00

CentOS Update for httpd CESA-2014:0920 centos6

2014-07-28 00:00:00

freebsd

apache22 -- several vulnerabilities

2014-07-19 00:00:00

apache24 -- several vulnerabilities

2014-07-15 00:00:00

hackerone

Boozt Fashion AB: Instance of Apache Vulnerable to Several Issues

2016-09-08 15:44:15

Internet Bug Bounty: moderate: mod_deflate denial of service

2014-02-19 00:00:00

Pornhub: SSRF & XSS (W3 Total Cache)

2016-05-14 01:22:59

nessus

FreeBSD : apache22 -- several vulnerabilities (f927e06c-1109-11e4-b090-20cf30e32f6d)

2014-07-25 00:00:00

GLSA-201504-03 : Apache: Multiple vulnerabilities

2015-04-13 00:00:00

Apache 2.2.x < 2.2.28 Multiple Vulnerabilities

2014-09-04 00:00:00

amazon

Important: httpd

2014-07-31 13:54:00

Important: httpd24

2014-07-31 13:56:00

Low: httpd

2014-09-17 21:48:00

debian

[SECURITY] [DSA 2989-1] apache2 security update

2014-07-24 22:19:45

[SECURITY] [DSA 2989-1] apache2 security update

2014-07-24 22:19:45

[SECURITY] [DLA 66-1] apache2 security update

2014-09-29 13:40:41

veracode

Denial Of Service (DoS)

2019-05-02 05:03:42

Denial Of Service (DoS)

2019-05-02 05:03:41

Denial Of Service (DoS)

2019-05-02 05:03:43

mageia

Updated apache package fixes security vulnerabilities

2014-07-30 01:30:55

Updated apache package fixes security vulnerabilities

2014-07-30 01:30:55

centos

httpd, mod_ssl security update

2014-07-23 15:12:33

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2014-07-23 15:36:55

httpd, mod_ssl security update

2015-07-26 14:13:10

ibm

Security Bulletin: Vulnerabilities in httpd affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance

2018-06-17 22:30:11

Security Bulletin: Multiple vulnerabilities fixed in IBM HTTP Server (APAR PI22070)

2018-06-15 07:00:11

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35

2022-09-08 00:26:26

osv

apache2 - security update

2014-07-24 00:00:00

apache2 - security update

2014-09-29 00:00:00

apache2 - security update

2014-10-16 00:00:00

redhat

(RHSA-2014:0920) Important: httpd security update

2014-07-23 00:00:00

(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update

2014-08-21 00:00:00

(RHSA-2014:1020) Important: Red Hat JBoss Enterprise Application Platform 6.3.0 update

2014-08-06 00:00:00

oraclelinux

httpd security update

2014-07-23 00:00:00

httpd security update

2014-07-23 00:00:00

httpd24-httpd security and bug fix update

2016-02-04 00:00:00

fedora

[SECURITY] Fedora 20 Update: httpd-2.4.10-1.fc20

2014-07-25 10:03:52

[SECURITY] Fedora 19 Update: httpd-2.4.10-1.fc19

2014-08-15 02:47:11

securityvulns

Apache multiple security vulnerabilities

2014-07-28 00:00:00

[USN-2299-1] Apache HTTP Server vulnerabilities

2014-07-28 00:00:00

slackware

[slackware-security] httpd

2014-07-24 01:35:41

ubuntu

Apache HTTP Server vulnerabilities

2014-07-23 00:00:00

SOL15893 - Apache HTTP server vulnerabilities CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231, and CVE-2014-3523

2014-12-04 00:00:00

Apache vulnerability CVE-2013-5704

2015-07-07 21:58:00

SOL16863 - Apache vulnerability CVE-2013-5704

2015-07-07 00:00:00

suse

Security update for apache2 (important)

2014-09-02 19:04:20

Security update for apache2 (important)

2014-09-02 20:04:23

Security update for the Apache Web Server (important)

2014-08-07 01:04:17

httpd

Apache Httpd < 2.4.12 : HTTP Trailers processing bypass

2013-09-06 00:00:00

Apache Httpd < 2.2.29 : HTTP Trailers processing bypass

2013-09-06 00:00:00

Apache Httpd < 2.4.10 : mod_deflate denial of service

2014-02-19 00:00:00

cvelist

CVE-2013-5704

2014-04-15 10:00:00

CVE-2014-0118

2014-07-20 10:00:00

CVE-2014-0231

2014-07-20 10:00:00

prion

Design/Logic Flaw

2014-04-15 10:55:00

Design/Logic Flaw

2014-07-20 11:12:00

Cross site request forgery (csrf)

2014-07-20 11:12:00

seebug

ModSecurity 'mod_headers'模块安全限制绕过漏洞

2014-04-04 00:00:00

debiancve

CVE-2013-5704

2014-04-15 10:55:11

CVE-2014-0226

2014-07-20 11:12:48

CVE-2014-0118

2014-07-20 11:12:48

nvd

CVE-2013-5704

2014-04-15 10:55:11

CVE-2014-0226

2014-07-20 11:12:48

CVE-2014-0118

2014-07-20 11:12:48

cve

CVE-2013-5704

2014-04-15 10:55:11

CVE-2014-0226

2014-07-20 11:12:48

CVE-2014-0118

2014-07-20 11:12:48

ubuntucve

CVE-2013-5704

2014-04-15 00:00:00

CVE-2014-0226

2014-07-20 00:00:00

CVE-2014-0118

2014-07-20 00:00:00

zdi

Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability

2014-07-16 00:00:00

packetstorm

Apache Scoreboard / Status Race Condition

2014-07-21 00:00:00

checkpoint_advisories

Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)

2014-09-17 00:00:00

Apache HTTP Server mod_status Heap Buffer Overflow (CVE-2014-0226)

2014-08-06 00:00:00

Apache HTTP Server mod_deflate Denial of Service - Ver2 (CVE-2014-0118)

2014-12-28 00:00:00

zdt

Apache 2.4.7 httpd mod_status Heap Buffer Overflow Vulnerability

2014-07-20 00:00:00

exploitdb

Apache 2.4.7 mod_status - Scoreboard Handling Race Condition

2014-07-21 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.955

Percentile

99.4%

JSON

Related for GLSA-201504-03