Vulnerability & Exploit Database

Displaying entries 1 - 10 of 22 in total

Results for: CVE-2009-1891

RHSA-2009:1580: httpd security update Vulnerability

  • Severity: 8
  • Published: September 07, 2009

The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force...

SUSE Linux Security Advisory: SUSE-SA:2009:050 Vulnerability

  • Severity: 10
  • Published: August 05, 2009

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc funct...

Sun Patch: SunOS 5.10: Apache 2 Patch Vulnerability

  • Severity: 10
  • Published: August 05, 2009

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecifi...

RHSA-2009:1205: httpd security and bug fix update Vulnerability

  • Severity: 10
  • Published: August 05, 2009

Updated httpd packages that fix multiple security issues and a bug are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contai...

RHSA-2010:0602: Red Hat Certificate System 7.3 security update Vulnerability

  • Severity: 10
  • Published: August 05, 2009

Updated packages that fix multiple security issues and rebase various components are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available fo...

Sun Patch: SunOS 5.10_x86: Apache 2 Patch Vulnerability

  • Severity: 10
  • Published: August 05, 2009

modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecifi...

Apache HTTPD: mod_deflate DoS (CVE-2009-1891) Vulnerability

  • Severity: 7
  • Published: July 09, 2009

The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_deflate. Review your web server configuration for validation. A denial of service flaw was found in the mod_deflate module. This module continued to compress large files until compression was complete, even if the network conn...

ELSA-2009-1205 Moderate: Enterprise Linux httpd security and bug fix update Vulnerability

  • Severity: 10
  • Published: July 09, 2009

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc funct...

Gentoo Linux: CVE-2009-1891: Apache: Multiple vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 09, 2009

The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).