Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2020-4751.NASL
HistoryNov 06, 2023 - 12:00 a.m.

Rocky Linux 8 : httpd:2.4 (RLSA-2020:4751)

2023-11-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
rocky linux 8
apache http server
vulnerabilities
rlsa-2020:4751
http/2
cve-2018-17189
cve-2019-0196
cve-2019-0197
cve-2019-10081
cve-2019-10082
cve-2019-10092
cve-2019-10097
cve-2019-10098
cve-2020-1927
cve-2020-1934
nessus

7.6 High

AI Score

Confidence

High

JSON

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4751 advisory.

  • In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)

  • A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. (CVE-2019-0196)

  • A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this issue. (CVE-2019-0197)

  • HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request’s pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)

  • In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. (CVE-2019-10082)

  • In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)

  • In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. (CVE-2019-10097)

  • In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. (CVE-2019-10098)

  • In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. (CVE-2020-1927)

  • In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. (CVE-2020-1934)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2020:4751.
##

include('compat.inc');

if (description)
{
  script_id(184538);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id(
    "CVE-2018-17189",
    "CVE-2019-0196",
    "CVE-2019-0197",
    "CVE-2019-10081",
    "CVE-2019-10082",
    "CVE-2019-10092",
    "CVE-2019-10097",
    "CVE-2019-10098",
    "CVE-2020-1927",
    "CVE-2020-1934"
  );
  script_xref(name:"RLSA", value:"2020:4751");
  script_xref(name:"CEA-ID", value:"CEA-2019-0203");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Rocky Linux 8 : httpd:2.4 (RLSA-2020:4751)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2020:4751 advisory.

  - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain
    resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming
    data. This affects only HTTP/2 (mod_http2) connections. (CVE-2018-17189)

  - A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2
    request handling could be made to access freed memory in string comparison when determining the method of
    a request and thus process the request incorrectly. (CVE-2019-0196)

  - A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host
    or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not
    the first request on a connection could lead to a misconfiguration and crash. Server that never enabled
    the h2 protocol or that only enabled it for https: and did not set H2Upgrade on are unaffected by this
    issue. (CVE-2019-0197)

  - HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with H2PushResource, could lead
    to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of
    the configured push link header values, not data supplied by the client. (CVE-2019-10081)

  - In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made
    to read memory after being freed, during connection shutdown. (CVE-2019-10082)

  - In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the
    mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point
    to a page of their choice. This would only be exploitable where a server was set up with proxying enabled
    but was misconfigured in such a way that the Proxy Error page was displayed. (CVE-2019-10092)

  - In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy
    server using the PROXY protocol, a specially crafted PROXY header could trigger a stack buffer overflow
    or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by
    untrusted HTTP clients. (CVE-2019-10097)

  - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be
    self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the
    request URL. (CVE-2019-10098)

  - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be
    self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within
    the request URL. (CVE-2020-1927)

  - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a
    malicious FTP server. (CVE-2020-1934)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2020:4751");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1209162");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1668497");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1695030");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1695042");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743956");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743959");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743966");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743974");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743996");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1771847");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1814236");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1820761");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1820772");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1832844");
  script_set_attribute(attribute:"solution", value:
"Update the affected mod_md, mod_md-debuginfo and / or mod_md-debugsource packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10082");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_md");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_md-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:mod_md-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var module_ver = get_kb_item('Host/RockyLinux/appstream/httpd');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');
if ('2.4' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module httpd:' + module_ver);

var appstreams = {
    'httpd:2.4': [
      {'reference':'mod_md-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debuginfo-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debugsource-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debugsource-2.0.8-8.module+el8.4.0+553+7a69454b', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debugsource-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'mod_md-debugsource-2.0.8-8.module+el8.5.0+695+1fa8055e', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
    ]
};

var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
  var appstream = NULL;
  var appstream_name = NULL;
  var appstream_version = NULL;
  var appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach var package_array ( appstreams[module] ) {
      var reference = NULL;
      var _release = NULL;
      var sp = NULL;
      var _cpu = NULL;
      var el_string = NULL;
      var rpm_spec_vers_cmp = NULL;
      var epoch = NULL;
      var allowmaj = NULL;
      var exists_check = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
      if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module httpd:2.4');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mod_md / mod_md-debuginfo / mod_md-debugsource');
}
VendorProductVersionCPE
rockylinuxmod_mdp-cpe:/a:rocky:linux:mod_md
rockylinuxmod_md-debuginfop-cpe:/a:rocky:linux:mod_md-debuginfo
rockylinuxmod_md-debugsourcep-cpe:/a:rocky:linux:mod_md-debugsource
rockylinux8cpe:/o:rocky:linux:8

References

Related

nessus 63
osv 7
almalinux 1
rocky 1
redhat 6
oraclelinux 2
ubuntu 2
openvas 39
photon 5
suse 2
gentoo 1
freebsd 2
debian 3
ibm 20
amazon 5
kaspersky 2
slackware 1
mageia 2
fedora 7
symantec 1
archlinux 1
altlinux 3
centos 1
f5 4
alpinelinux 2
ubuntucve 2
cve 2
hackerone 2
prion 3
veracode 1
redhatcve 2
httpd 2
debiancve 1
zdt 1
nessus
nessus
Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)
2020-11-12 00:00:00
RHEL 8 : httpd:2.4 (RHSA-2020:4751)
2020-11-04 00:00:00
CentOS 8 : httpd:2.4 (CESA-2020:4751)
2021-02-01 00:00:00
osv
osv
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
apache2 - security update
2019-08-26 00:00:00
almalinux
almalinux
Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
rocky
rocky
httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
redhat
redhat
(RHSA-2020:4751) Moderate: httpd:2.4 security, bug fix, and enhancement update
2020-11-03 12:33:02
(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
2020-04-06 19:02:18
(RHSA-2020:1337) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
2020-04-06 19:02:25
oraclelinux
oraclelinux
httpd:2.4 security, bug fix, and enhancement update
2020-11-10 00:00:00
httpd security, bug fix, and enhancement update
2020-10-06 00:00:00
ubuntu
ubuntu
Apache HTTP Server regression
2019-09-17 00:00:00
Apache HTTP Server vulnerabilities
2019-08-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4113-2)
2019-09-18 00:00:00
Ubuntu: Security Advisory (USN-4113-1)
2019-08-30 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2237-1)
2021-06-09 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0178
2019-10-03 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0253
2019-10-15 00:00:00
Critical Photon OS Security Update - PHSA-2019-0253
2019-10-15 00:00:00
suse
suse
Security update for apache2 (important)
2019-09-02 00:00:00
Security update for apache2 (important)
2020-05-02 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2019-09-06 00:00:00
freebsd
freebsd
Apache -- Multiple vulnerabilities
2019-08-14 00:00:00
Apache -- Multiple vulnerabilities
2020-04-01 00:00:00
debian
debian
[SECURITY] [DSA 4509-1] apache2 security update
2019-08-26 19:52:07
[SECURITY] [DSA 4509-1] apache2 security update
2019-08-26 19:52:07
[SECURITY] [DLA 1900-1] apache2 security update
2019-08-28 22:39:55
ibm
ibm
Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.
2019-12-18 14:26:38
Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )
2020-02-07 02:02:44
Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098)
2019-09-30 12:42:18
amazon
amazon
Medium: httpd24
2019-10-18 23:22:00
Medium: httpd
2019-10-28 17:42:00
Low: httpd
2020-05-19 18:32:00
kaspersky
kaspersky
KLA12366 Multiple vulnerabilities in Apache HTTP Server
2019-08-14 00:00:00
KLA12367 Multiple vulnerabilities in Apache HTTP Server
2020-04-01 00:00:00
slackware
slackware
[slackware-security] httpd
2020-03-31 19:45:57
mageia
mageia
Updated apache packages fix security vulnerabilities
2019-12-25 22:08:41
Updated apache packages fix security vulnerabilities
2020-04-15 13:12:14
fedora
fedora
[SECURITY] Fedora 30 Update: mod_md-2.0.8-2.fc30
2019-08-23 01:27:58
[SECURITY] Fedora 29 Update: httpd-2.4.41-1.fc29
2019-09-30 01:39:18
[SECURITY] Fedora 30 Update: httpd-2.4.41-1.fc30
2019-08-23 01:27:58
symantec
symantec
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
2020-06-12 20:41:37
archlinux
archlinux
[ASA-202004-14] apache: multiple issues
2020-04-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 1:2.4.43-alt1
2020-04-09 00:00:00
Security fix for the ALT Linux 9 package apache2 version 1:2.4.43-alt1
2020-04-08 00:00:00
Security fix for the ALT Linux 10 package apache2 version 1:2.4.43-alt1
2020-04-06 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2020-10-20 18:13:33
f5
f5
K44591505 : Apache vulnerabilities CVE-2019-0196, CVE-2019-0197, and CVE-2019-0220
2019-05-07 00:00:00
K86612211 : Apache vulnerability CVE-2018-17189
2019-02-04 00:00:00
K82200103 : Apache mod_http2 vulnerability CVE-2019-10082
2019-09-03 00:00:00
alpinelinux
alpinelinux
CVE-2018-17189
2019-01-30 22:29:00
CVE-2019-10097
2019-09-26 16:15:00
ubuntucve
ubuntucve
CVE-2018-17189
2019-01-30 00:00:00
CVE-2019-10097
2019-08-14 00:00:00
cve
cve
CVE-2018-17189
2019-01-30 22:29:00
CVE-2019-10082
2019-09-26 16:15:00
hackerone
hackerone
Internet Bug Bounty: mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)
2019-08-23 13:38:25
Internet Bug Bounty: mod_remoteip stack buffer overflow and NULL pointer dereference
2019-08-15 14:42:13
prion
prion
Session fixation
2019-09-26 16:15:00
Design/Logic Flaw
2019-01-30 22:29:00
Code injection
2019-09-25 17:15:00
veracode
veracode
Denial Of Service (DoS)
2019-11-21 00:17:08
redhatcve
redhatcve
CVE-2018-17189
2019-01-22 21:50:53
CVE-2019-10097
2020-04-01 20:22:36
httpd
httpd
Apache Httpd < 2.4.38 : DoS for HTTP/2 connections via slow request bodies
2018-10-16 00:00:00
Apache Httpd < 2.4.41 : CVE-2019-10097 mod_remoteip: Stack buffer overflow and NULL pointer dereference
2019-07-23 00:00:00
debiancve
debiancve
CVE-2018-17189
2019-01-30 22:29:00
zdt
zdt
Apache Httpd mod_rewrite - Open Redirects Vulnerability
2019-11-19 00:00:00

7.6 High

AI Score

Confidence

High

JSON
Related for ROCKY_LINUX_RLSA-2020-4751.NASL
nessus63osv7almalinux1rocky1redhat6oraclelinux2ubuntu2openvas39photon5suse2gentoo1freebsd2debian3ibm20amazon5kaspersky2slackware1mageia2fedora7symantec1archlinux1altlinux3centos1f54alpinelinux2ubuntucve2cve2hackerone2prion3veracode1redhatcve2httpd2debiancve1zdt1