SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
Apache Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1032967
SecurityTracker URL:  http://securitytracker.com/id/1032967
CVE Reference:   CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185
Date:  Jul 16 2015
Impact:   Denial of service via network, Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.4.x prior to 2.4.16
Description:   Several vulnerabilities were reported in Apache. A remote user can cause denial of service conditions on the target system. The impact of some vulnerabilities was not specified.

A remote user can trigger a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active [CVE-2015-0253]. Versions 2.4.11 and after are affected. The vendor has assigned PR 57531 to this vulnerability.

A remote user can send a specially crafted websockets ping to trigger a flaw in mod_lua and cause the target child process to crash [CVE-2015-0228]. The vulnerability occurs when the ping is received and then a script calls the r:wsupgrade() function.

A remote user can trigger a chunk header parsing flaw in apr_brigade_flatten() [CVE-2015-3183]. The impact was not specified.

A remote user can trigger an unspecified flaw in ap_some_auth_required() [CVE-2015-3185]. The impact was not specified.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix (2.4.16), available at:

http://httpd.apache.org/download.cgi

The vendor's advisory will be available at:

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor URL:  httpd.apache.org/
Cause:   Access control error, Input validation error, Not specified, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
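
The version ranges above can be turned into a quick triage check. The following is an added example, not part of the original alert or of any Apache tooling: it maps a version banner (from `httpd -v` or a `Server:` header) to the CVEs in this alert. The function names are hypothetical, the sample banners are constructed, and it assumes every 2.4.x release below 2.4.16 is in scope for the three CVEs that have no lower bound stated here.

```shell
#!/bin/sh
# Added example: map an Apache httpd version banner to the CVEs in this alert.
# Ranges come from the alert text: 2.4.x prior to 2.4.16 is affected, and
# CVE-2015-0253 is stated for 2.4.11 and after. Lower bounds for the other
# three CVEs are not given on the page; the whole 2.4.x branch is assumed.

# Extract "X.Y.Z" from a banner such as "Server version: Apache/2.4.12 (Unix)".
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p'
}

# Print the applicable CVEs, space separated. Prints "unknown" when the banner
# carries no version and "none" when the version is outside the affected range.
advisory_1032967_cves() {
    v=$(apache_version "$1")
    if [ -z "$v" ]; then
        echo unknown
        return 0
    fi
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}; patch=${rest#*.}
    # Only the 2.4 branch below the fixed release 2.4.16 is listed as affected.
    if [ "$major" -ne 2 ] || [ "$minor" -ne 4 ] || [ "$patch" -ge 16 ]; then
        echo none
        return 0
    fi
    cves="CVE-2015-0228 CVE-2015-3183 CVE-2015-3185"
    # The ErrorDocument 400 crash is stated for 2.4.11 and after.
    if [ "$patch" -ge 11 ]; then
        cves="CVE-2015-0253 $cves"
    fi
    echo "$cves"
}

# Constructed sample banners; on a real host pass "$(httpd -v)" instead.
for banner in \
    "Server version: Apache/2.4.12 (Unix)" \
    "Server: Apache/2.4.7 (Ubuntu)" \
    "Server: Apache/2.4.16 (Unix)" \
    "Server: Apache"
do
    printf '%-40s -> %s\n' "$banner" "$(advisory_1032967_cves "$banner")"
done
```

A match on a distribution package is only a prompt to check the package changelog: the vendor fixes listed under Message History are typically backported without changing the upstream version string.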

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 28 2015 (Ubuntu Issues Fix) Apache Bugs Let Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu 12.04 LTS, 14.04 LTS, and 15.04.
Aug 25 2015 (Red Hat Issues Fix) Apache Bugs Let Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Aug 25 2015 (Red Hat Issues Fix) Apache Bugs Let Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Aug 25 2015 (Oracle Issues Fix for Oracle Linux) Apache Bugs Let Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.
Aug 25 2015 (Oracle Issues Fix for Oracle Linux) Apache Bugs Let Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 6.
Aug 25 2015 (Red Hat Issues Fix) Apache Bugs Let Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6, 6.5, 6.6, 7, and 7.1.
Sep 2 2015 (IBM Issues Fix for IBM HTTP Server (IHS)) Apache Bugs Let Remote Users Deny Service
IBM has issued a fix for IBM HTTP Server (IHS).
Sep 17 2015 (Apple Issues Fix for Apple Xcode) Apache Bugs Let Remote Users Deny Service
Apple has issued a fix for Apple Xcode.
Sep 29 2015 (IBM Issues Fix for IBM Security Identity Manager) Apache Bugs Let Remote Users Deny Service
IBM has issued a fix for IBM Security Identity Manager 5.1 and 6.0.
Oct 16 2015 (HP Issues Fix) Apache Bugs Let Remote Users Deny Service
HP has issued a fix for HP-UX.
Oct 28 2015 (IBM Issues Fix for IBM Security Network Protection) Apache Bugs Let Remote Users Deny Service
IBM has issued a fix for IBM Security Network Protection.
Nov 12 2015 (QNAP Systems Issues Fix for QNAP QTS) Apache Bugs Let Remote Users Deny Service
QNAP Systems has issued a fix for QNAP QTS.
Nov 20 2015 (IBM Issues Fix for IBM Tivoli Monitoring) Apache Bugs Let Remote Users Deny Service
IBM has issued a fix for IBM Tivoli Monitoring.
Dec 16 2015 (Red Hat Issues Fix for JBoss Web Server) Apache Bugs Let Remote Users Deny Service
Red Hat has issued a fix for JBoss Web Server for Red Hat Enterprise Linux, Solaris, and Windows.
Jan 8 2016 (HP Issues Fix for HP-UX Web Server) Apache Bugs Let Remote Users Deny Service
HP has issued a fix for HP-UX Web Server for HP-UX 11.23 and 11.31.
Jan 20 2016 (Oracle Issues Fix for Oracle Secure Global Desktop) Apache Bugs Let Remote Users Deny Service
Oracle has issued a fix for Oracle Secure Global Desktop.
Jan 21 2016 (Red Hat Issues Fix for JBoss) Apache Bugs Let Remote Users Deny Service
Red Hat has issued a fix for JBoss for Red Hat Enterprise Linux 5, 6, and 7.
Jan 22 2016 (Red Hat Issues Fix for JBoss) Apache Bugs Let Remote Users Deny Service
Red Hat has issued a fix for JBoss for Red Hat Enterprise Linux.




Copyright 2018, SecurityGlobal.net LLC