Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2523-1
HistoryMar 10, 2015 - 12:00 a.m.

Apache HTTP Server vulnerabilities

2015-03-1000:00:00
ubuntu.com
38

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.467 Medium

EPSS

Percentile

97.5%

JSON

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04
  • Ubuntu 10.04

Packages

  • apache2 - Apache HTTP server

Details

Martin Holst Swende discovered that the mod_headers module allowed HTTP
trailers to replace HTTP headers during request processing. A remote
attacker could possibly use this issue to bypass RequestHeaders directives.
(CVE-2013-5704)

Mark Montague discovered that the mod_cache module incorrectly handled
empty HTTP Content-Type headers. A remote attacker could use this issue to
cause the server to stop responding, leading to a denial of service. This
issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-3581)

Teguh P. Alko discovered that the mod_proxy_fcgi module incorrectly
handled long response headers. A remote attacker could use this issue to
cause the server to stop responding, leading to a denial of service. This
issue only affected Ubuntu 14.10. (CVE-2014-3583)

It was discovered that the mod_lua module incorrectly handled different
arguments within different contexts. A remote attacker could possibly use
this issue to bypass intended access restrictions. This issue only affected
Ubuntu 14.10. (CVE-2014-8109)

Guido Vranken discovered that the mod_lua module incorrectly handled a
specially crafted websocket PING in certain circumstances. A remote
attacker could possibly use this issue to cause the server to stop
responding, leading to a denial of service. This issue only affected
Ubuntu 14.10. (CVE-2015-0228)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchapache2.2-bin<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-bin<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-dbg<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-dev<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-mpm-event<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-mpm-itk<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-mpm-prefork<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-mpm-worker<ย 2.4.10-1ubuntu1.1UNKNOWN
Ubuntu14.10noarchapache2-suexec<ย 2.4.10-1ubuntu1.1UNKNOWN
Rows per page:
1-10 of 551

Related

openvas 35
nessus 63
securityvulns 5
fedora 5
slackware 2
amazon 3
freebsd 3
f5 6
hackerone 4
debian 1
osv 1
redhat 10
centos 2
oraclelinux 4
mageia 3
httpd 6
prion 5
cve 5
nvd 5
cvelist 5
debiancve 5
ubuntucve 5
seebug 1
veracode 4
ibm 5
gentoo 3
kaspersky 1
archlinux 1
oracle 1
openvas
openvas
Ubuntu: Security Advisory (USN-2523-1)
2015-03-11 00:00:00
Fedora Update for httpd FEDORA-2014-17195
2015-03-16 00:00:00
Fedora Update for httpd FEDORA-2014-17153
2015-03-01 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Apache HTTP Server vulnerabilities (USN-2523-1)
2015-03-11 00:00:00
FreeBSD : apache24 -- several vulnerabilities (5804b9d4-a959-11e4-9363-20cf30e32f6d)
2015-02-02 00:00:00
Amazon Linux AMI : httpd24 (ALAS-2015-483)
2015-02-13 00:00:00
securityvulns
securityvulns
[USN-2523-1] Apache HTTP Server vulnerabilities
2015-03-15 00:00:00
Apache multiple security vulnerabilities
2015-04-16 00:00:00
[slackware-security] httpd &#40;SSA:2015-198-01&#41;
2015-07-20 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: httpd-2.4.10-15.fc21
2015-03-16 01:41:46
[SECURITY] Fedora 20 Update: httpd-2.4.10-2.fc20
2015-02-28 10:22:55
[SECURITY] Fedora 21 Update: httpd-2.4.12-1.fc21
2015-06-02 15:17:51
slackware
slackware
[slackware-security] httpd
2015-04-22 01:20:26
[slackware-security] httpd
2015-07-17 20:25:06
amazon
amazon
Low: httpd24
2015-02-12 10:57:00
Low: httpd
2014-09-17 21:48:00
Medium: httpd24
2015-08-17 12:27:00
freebsd
freebsd
apache24 -- several vulnerabilities
2015-01-29 00:00:00
apache22 -- several vulnerabilities
2014-07-19 00:00:00
apache24 -- multiple vulnerabilities
2015-02-04 00:00:00
f5
f5
SOL16847 - Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
2015-07-02 00:00:00
Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
2015-07-03 00:14:00
Apache vulnerability CVE-2013-5704
2015-07-07 21:58:00
hackerone
hackerone
Open-Xchange: Outdated Apache Server in www.dovecot.fi is vulnerable to various attack.
2016-05-18 16:33:46
Internet Bug Bounty: mod_proxy_fcgi buffer overflow
2014-09-17 00:00:00
Internet Bug Bounty: mod_lua: Crash in websockets PING handling
2015-01-28 00:00:00
debian
debian
[SECURITY] [DLA 71-1] apache2 security update
2014-10-16 10:10:29
osv
osv
apache2 - security update
2014-10-16 00:00:00
redhat
redhat
(RHSA-2014:1972) Low: httpd24-httpd security and bug fix update
2014-12-09 00:00:00
(RHSA-2015:0325) Low: httpd security, bug fix, and enhancement update
2015-03-05 00:00:00
(RHSA-2015:1249) Low: httpd security, bug fix, and enhancement update
2015-07-22 05:29:38
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2015-03-17 13:28:17
httpd, mod_ssl security update
2015-07-26 14:13:10
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2015-03-11 00:00:00
httpd24-httpd security and bug fix update
2016-02-04 00:00:00
httpd security, bug fix, and enhancement update
2015-07-28 00:00:00
mageia
mageia
Updated apache packages fix security vulnerabilities
2014-12-13 23:16:05
Updated apache packages fix CVE-2014-8109
2015-01-07 19:32:10
Updated apache packages fix CVE-2015-0228
2015-03-06 21:08:57
httpd
httpd
Apache Httpd < 2.4.12 : mod_lua multiple "Require" directive handling is broken
2014-11-09 00:00:00
Apache Httpd < 2.2.29 : HTTP Trailers processing bypass
2013-09-06 00:00:00
Apache Httpd < 2.4.12 : HTTP Trailers processing bypass
2013-09-06 00:00:00
prion
prion
Authorization
2014-12-29 23:59:00
Design/Logic Flaw
2014-04-15 10:55:00
Design/Logic Flaw
2014-12-15 18:59:00
cve
cve
CVE-2014-8109
2014-12-29 23:59:00
CVE-2013-5704
2014-04-15 10:55:11
CVE-2014-3583
2014-12-15 18:59:02
nvd
nvd
CVE-2014-8109
2014-12-29 23:59:00
CVE-2013-5704
2014-04-15 10:55:11
CVE-2014-3583
2014-12-15 18:59:02
cvelist
cvelist
CVE-2014-8109
2014-12-29 23:00:00
CVE-2014-3583
2014-12-15 17:27:00
CVE-2013-5704
2014-04-15 10:00:00
debiancve
debiancve
CVE-2014-8109
2014-12-29 23:59:00
CVE-2013-5704
2014-04-15 10:55:11
CVE-2014-3583
2014-12-15 18:59:02
ubuntucve
ubuntucve
CVE-2014-8109
2014-12-29 00:00:00
CVE-2013-5704
2014-04-15 00:00:00
CVE-2014-3583
2014-12-15 00:00:00
seebug
seebug
ModSecurity 'mod_headers'ๆจกๅ—ๅฎ‰ๅ…จ้™ๅˆถ็ป•่ฟ‡ๆผๆดž
2014-04-04 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 09:03:16
Denial Of Service (DoS)
2019-05-02 05:05:52
Denial Of Service (DoS)
2019-01-15 09:07:16
ibm
ibm
Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console (CVE-2013-5704, CVE-2015-3183)
2021-09-23 01:31:39
Security Bulletin: Multiple vulnerabilities fixed in IBM HTTP Server (APAR PI22070)
2018-06-15 07:00:11
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35
2022-09-08 00:26:26
gentoo
gentoo
Apache: Multiple vulnerabilities
2015-04-11 00:00:00
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
Apache: Multiple vulnerabilities
2017-01-15 00:00:00
kaspersky
kaspersky
KLA10640 Multiple vulnerabilities in Apache HTTP Server
2015-07-21 00:00:00
archlinux
archlinux
apache: multiple issues
2015-07-17 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.3 Medium

AI Score

Confidence

Low

0.467 Medium

EPSS

Percentile

97.5%

JSON
Related for USN-2523-1
openvas35nessus63securityvulns5fedora5slackware2amazon3freebsd3f56hackerone4debian1osv1redhat10centos2oraclelinux4mageia3httpd6prion5cve5nvd5cvelist5debiancve5ubuntucve5seebug1veracode4ibm5gentoo3kaspersky1archlinux1oracle1