490 matches found
mod_md security update
An update is available for modmd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module manages common properties of domains for one or more virtual hosts...
RLSA-2025:23739 Important: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: modmd:...
mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals
An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...
Important: Red Hat Security Advisory: mod_md security update
An update for modmd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals
An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...
Important: Red Hat Security Advisory: mod_md security update
An update for modmd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: modmd:...
ALSA-2025:23738 Important: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: modmd:...
AlmaLinux 8 : httpd:2.4 (ALSA-2025:23732)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23732 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 modmd: Apache HTTP Server: modmd ACME, unintended retry intervals...
RHEL 10 : mod_md (RHSA-2025:23738)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23738 advisory. This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate...
RHEL 9 : mod_md (RHSA-2025:23739)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23739 advisory. This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate...
mod_md security update
1:2.4.26-1.1 - Resolves: RHEL-134496 - httpd: Apache HTTP Server: modmd ACME, unintended retry intervals CVE-2025-55753...
SUSE-SU-2025:4488-1 Security update for apache2
This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed modmd ACME unintended retry intervals bsc1254511 - CVE-2025-65082: Fixed CGI environment variable override bsc1254514 - CVE-2025-58098: Fixed Server Side Includes adding query string to exec cmd=... bsc1254512 -...
CVE-2025-44005
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...
CVE-2025-44005
The CVE describes an Authorization bypass in Smallstep Step CA where ACME or SCEP provisioners can create certificates without completing certain protocol authorization checks. Affected component: Step CA (ACME/SCEP provisioners). Root cause: bypass of authorization checks. Impact: potential issu...
[SECURITY] Fedora 42 Update: mod_md-2.6.6-1.fc42
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
[SECURITY] Fedora 43 Update: mod_md-2.6.7-1.fc43
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...
smallstep Step-CA Certificate Signing authentication bypass vulnerability
Talos Vulnerability Report TALOS-2025-2242 smallstep Step-CA Certificate Signing authentication bypass vulnerability December 17, 2025 CVE Number CVE-2025-44005 SUMMARY An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completi...
FreeBSD : step-certificates -- Authorization Bypass in ACME and SCEP Provisioners (eca46635-db51-11f0-9b8d-40a6b7c3b3b8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eca46635-db51-11f0-9b8d-40a6b7c3b3b8 advisory. smallstep reports: An attacker can bypass authorization checks and force a Step CA ACME or SCEP...