Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Apache
Опубликовано:20 июля 2015 г.
Источник:
SecurityVulns ID:14598
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS, несколько потенциальных уязвимостей.
Затронутые продукты:APACHE : Apache 2.4
CVE:CVE-2015-3185 (The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.)
 CVE-2015-3183 (The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.)
 CVE-2015-0253 (The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.)
Оригинальный текстdocumentSLACKWARE, [slackware-security] httpd (SSA:2015-198-01) (20.07.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород