[users@httpd] CVE-2017-3169: mod_ssl null pointer dereference

CVE-2017-3169: mod_ssl null pointer dereference Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTT

[users@httpd] CVE-2017-7679: mod_mime buffer overread

CVE-2017-7679: mod_mime buffer overread Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. Mitigation:

[users@httpd] CVE-2017-7668: ap_find_token buffer overread

CVE-2017-7668: ap_find_token buffer overread Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.32 httpd 2.4.24 (unreleased) httpd 2.4.25 Description: The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which a

[users@httpd] CVE-2017-3167: ap_get_basic_auth_pw authentication bypass

CVE-2017-3167: ap_get_basic_auth_pw authentication bypass Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.2.0 to 2.2.32 httpd 2.4.0 to 2.4.25 Description: Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead

RE: [users@httpd] Building httpd2.4.25 on powerpc-ibm-aix7.1.0.0

Hi Eric et al., I built apache and I am able to successfully reach the url from Firefox: "It works". However, when I run ./davautocheck.sh from ~/ci/subversion/subversion/tests/cmdline, it finds apxs but generates this error: davautocheck.sh: Using '~/ci/httpd-2.4.25/apache/bin/apxs'... Use of

[users@httpd] check_forensic script on Red Hat?

Does check_forensic still exist? I am not finding it.

[users@httpd] CVE-2017-7659: mod_http2 null pointer dereference

CVE-2017-7659: mod_http2 null pointer dereference Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.24 (unreleased) httpd 2.4.25 Description: A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server

[users@httpd] [ANNOUNCE] Apache HTTP Server 2.4.26 Released

Apache HTTP Server 2.4.26 Released June 19, 2017 The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.26 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the new