
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
(Oracle Issues Fix for Oracle Linux) Apache Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1033370
SecurityTracker URL:
CVE Reference:   CVE-2015-3183   (Links to External Site)
Date:  Aug 25 2015
Impact:   Denial of service via network, Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.4.x prior to 2.4.16
Description:   Several vulnerabilities were reported in Apache. A remote user can cause denial of service conditions on the target system. The impact of some vulnerabilities was not specified.

A remote user can trigger a crash when ErrorDocument 400 points to a local URL-path and the INCLUDES filter is active [CVE-2015-0253]. Versions 2.4.11 and after are affected. The vendor has assigned PR 57531 to this vulnerability.

A remote user can send a specially crafted websockets ping to trigger a flaw in mod_lua and cause the target child process to crash [CVE-2015-0228]. The vulnerability occurs when the ping is received and then a script calls the r:wsupgrade() function.

A remote user can trigger a chunk header parsing flaw in apr_brigade_flatten() [CVE-2015-3183]. The impact was not specified.

A remote user can trigger an unspecified flaw in ap_some_auth_required() [CVE-2015-3185]. The impact was not specified.

Impact:   A remote user can cause denial of service conditions.
Solution:   Oracle has issued a fix for CVE-2015-3183 for Oracle Linux.

The Oracle Linux advisory is available at:

Cause:   Access control error, Input validation error, Not specified, State error
Underlying OS:  Linux (Oracle)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Jul 16 2015 Apache Bugs Let Remote Users Deny Service

 Source Message Contents

Subject:  [El-errata] ELSA-2015-1668 Moderate: Oracle Linux 6 httpd security update

Oracle Linux Security Advisory ELSA-2015-1668

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:




Description of changes:

- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile

- fix regressions caused by fix for CVE-2015-3183
