3 captures
05 Sep 2015 - 27 Jan 2024
Aug SEP Oct
05
2014 2015 2016
success
fail

About this capture

COLLECTED BY

Organization: Internet Archive

The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine.

Collection: Wide Crawl Number 13

Web Wide Crawl Number 13
TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20150905220236/http://lwn.net/Articles/651762/
  
LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for September 3, 2015

Debsources as a platform

LWN.net Weekly Edition for August 27, 2015

Reviving the Hershey fonts

Glibc wrappers for (nearly all) Linux system calls

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache: multiple vulnerabilities

Package(s):apache httpd CVE #(s):CVE-2015-0253 CVE-2015-3183 CVE-2015-3185
Created:July 20, 2015 Updated:August 26, 2015
Description: From the Arch Linux advisory:

- CVE-2015-0253 (denial of service): Fix a crash with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced in 2.4.11. PR 57531.

- CVE-2015-3183 (denial of service): core: Fix chunk header parsing defect. Remove apr_brigade_flatten(), buffering and duplicated code from the HTTP_IN filter, parse chunks in a single pass with zero copy. Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters.

- CVE-2015-3185 (authentication bypass): Replacement of ap_some_auth_required (unusable in Apache httpd 2.4) with new ap_some_authn_required and ap_force_authn hook.

Alerts:
Arch Linux ASA-201507-15 apache 2015-07-17
Slackware SSA:2015-198-01 httpd 2015-07-17
Fedora FEDORA-2015-11689 httpd 2015-07-21
Mageia MGASA-2015-0281 apache 2015-07-27
Ubuntu USN-2686-1 apache2 2015-07-27
Debian-LTS DLA-284-1 apache2 2015-07-28
Fedora FEDORA-2015-11792 httpd 2015-07-30
Debian DSA-3325-1 apache2 2015-08-01
Debian DSA-3325-2 apache2 2015-08-18
Red Hat RHSA-2015:1667-01 httpd 2015-08-24
Red Hat RHSA-2015:1668-01 httpd 2015-08-24
Red Hat RHSA-2015:1666-01 httpd24-httpd 2015-08-24
CentOS CESA-2015:1668 httpd 2015-08-24
Oracle ELSA-2015-1667 httpd 2015-08-24
Oracle ELSA-2015-1668 httpd 2015-08-24
Scientific Linux SLSA-2015:1667-1 httpd 2015-08-24
Scientific Linux SLSA-2015:1668-1 httpd 2015-08-24
CentOS CESA-2015:1667 httpd 2015-08-25
(Log in to post comments)


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds