Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SA:2005:051
HistorySep 12, 2005 - 1:00 p.m.

local command execution, authentication bypass, in apache2

2005-09-1213:00:50
lists.opensuse.org
41

0.956 High

EPSS

Percentile

99.4%

JSON

This update of apache2 fixes an integer overflow in the PCRE quantifier parsing which can be triggered by a local untrusted user by using a carefully crafted regex in a .htaccess file to execute arbitrary code. (CAN-2005-2491)

Solution

There are no workarounds known.

OSVersionArchitecturePackageVersionFilename
openSUSE9.1x86_64apache2-prefork< 2.0.49-27.34apache2-prefork-2.0.49-27.34.x86_64.rpm
openSUSE9.2i586apache2-worker< 2.0.50-7.7apache2-worker-2.0.50-7.7.i586.rpm
openSUSE9.2i586apache2-devel< 2.0.50-7.7apache2-devel-2.0.50-7.7.i586.rpm
openSUSE9.2x86_64apache2-prefork< 2.0.50-7.7apache2-prefork-2.0.50-7.7.x86_64.rpm
openSUSE9.0i586apache2-metuxmpm< 2.0.48-155apache2-metuxmpm-2.0.48-155.i586.rpm
openSUSE9.0x86_64apache2-prefork< 2.0.48-155apache2-prefork-2.0.48-155.x86_64.rpm
openSUSE9.0i586apache2< 2.0.48-155apache2-2.0.48-155.i586.rpm
openSUSE9.3i586apache2-devel< 2.0.53-9.5apache2-devel-2.0.53-9.5.i586.rpm
openSUSE9.0x86_64apache2< 2.0.48-155apache2-2.0.48-155.x86_64.rpm
openSUSE9.2x86_64apache2-devel< 2.0.50-7.7apache2-devel-2.0.50-7.7.x86_64.rpm
Rows per page:
1-10 of 441

Related

suse 4
openvas 61
nessus 51
nvd 3
cve 4
cvelist 4
ubuntucve 3
slackware 6
centos 5
redhat 3
gentoo 12
osv 6
debian 13
ubuntu 2
securityvulns 7
freebsd 2
patchstack 1
packetstorm 1
cert 2
f5 4
exploitpack 1
oraclelinux 1
debiancve 1
wpvulndb 1
checkpoint_advisories 1
suse
suse
remote code execution in php4, php5
2005-08-30 14:35:22
local command execution, authentication bypass, in apache2
2005-09-16 12:34:21
remote code execution in pcre
2005-08-30 13:56:51
openvas
openvas
SLES9: Security update for Apache2
2009-10-10 00:00:00
SLES9: Security update for Apache2
2009-10-10 00:00:00
Slackware Advisory SSA:2005-251-04 php5 in Slackware 10.1
2012-09-11 00:00:00
nessus
nessus
SUSE-SA:2005:051: php4,php5
2005-10-05 00:00:00
SUSE-SA:2005:049: php4, php5
2005-10-05 00:00:00
GLSA-200509-19 : PHP: Vulnerabilities in included PCRE and XML-RPC libraries
2005-10-05 00:00:00
nvd
nvd
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-2700
2005-09-06 23:03:00
CVE-2005-1921
2005-07-05 04:00:00
cve
cve
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-1921
2005-07-05 04:00:00
CVE-2005-2700
2005-09-06 23:03:00
cvelist
cvelist
CVE-2005-2498
2005-08-15 04:00:00
CVE-2005-1921
2005-07-01 04:00:00
CVE-2005-2700
2005-09-06 04:00:00
ubuntucve
ubuntucve
CVE-2005-2498
2005-08-15 00:00:00
CVE-2005-1921
2005-07-05 00:00:00
CVE-2005-2700
2005-09-06 00:00:00
slackware
slackware
PHP
2005-08-30 15:54:11
php5 in Slackware 10.1
2005-09-08 15:55:19
slackware-current security updates
2005-09-08 15:55:02
centos
centos
httpd, mod_ssl security update
2005-09-06 15:58:02
mod_ssl security update
2005-09-16 00:34:35
php security update
2005-08-19 18:20:20
redhat
redhat
(RHSA-2005:608) httpd security update
2005-09-06 00:00:00
(RHSA-2005:748) php security update
2005-08-19 00:00:00
(RHSA-2005:773) mod_ssl security update
2005-09-15 00:00:00
gentoo
gentoo
PHP: Vulnerabilities in included PCRE and XML-RPC libraries
2005-09-27 00:00:00
Apache, mod_ssl: Multiple vulnerabilities
2005-09-19 00:00:00
TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
2005-08-24 00:00:00
osv
osv
php4 - several
2005-08-29 00:00:00
apache2 - several
2005-09-08 00:00:00
drupal - missing input sanitising
2005-10-04 00:00:00
debian
debian
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 15:31:06
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
[SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities
2005-08-29 15:31:06
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-09-07 00:00:00
PHP XMLRPC vulnerability
2005-07-05 00:00:00
securityvulns
securityvulns
Advisory 02/2005: Remote code execution in Serendipity
2005-06-30 00:00:00
[Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability
2005-08-15 00:00:00
[Full-disclosure] Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability
2005-08-15 00:00:00
freebsd
freebsd
pear-XML_RPC -- remote PHP code injection vulnerability
2005-08-15 00:00:00
pear-XML_RPC -- arbitrary remote code execution
2005-06-29 00:00:00
patchstack
patchstack
WordPress <= 1.3.0 - Eval Injection
2005-06-08 00:00:00
packetstorm
packetstorm
PHP XML-RPC Arbitrary Code Execution
2009-10-30 00:00:00
cert
cert
mod_ssl fails to properly enforce client certificates authentication
2005-09-09 00:00:00
Multiple PHP XML-RPC implementations vulnerable to code injection
2005-07-06 00:00:00
f5
f5
K5857 : Client certificate check vulnerability in Apache - CVE-2005-2700
2013-03-28 00:00:00
K5278 : Apache mod_ssl SSLVerifyClient bypass - CAN-2005-2700
2013-03-28 00:00:00
SOL5857 - Client certificate check vulnerability in Apache - CVE-2005-2700
2007-05-16 00:00:00
exploitpack
exploitpack
PHPXMLRPC 1.1 - Remote Code Execution
2015-07-02 00:00:00
oraclelinux
oraclelinux
python security update
2006-11-30 00:00:00
debiancve
debiancve
CVE-2005-2728
2005-08-30 11:45:00
wpvulndb
wpvulndb
WordPress <= 1.5.1.2 - XMLRPC Eval Injection
2005-06-29 00:00:00
checkpoint_advisories
checkpoint_advisories
LupperA XMLRPC Propagation Request Code Execution - Ver2 (CVE-2005-1921)
2015-03-26 00:00:00

0.956 High

EPSS

Percentile

99.4%

JSON
Related for SUSE-SA:2005:051
suse4openvas61nessus51nvd3cve4cvelist4ubuntucve3slackware6centos5redhat3gentoo12osv6debian13ubuntu2securityvulns7freebsd2patchstack1packetstorm1cert2f54exploitpack1oraclelinux1debiancve1wpvulndb1checkpoint_advisories1