122 matches found
MiracleLinux 7 : httpd-2.4.6-98.7.0.1.el7.AXS7 (AXSA:2023-5265:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5265:04 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...
MiracleLinux 8 : httpd:2.4 httpd-2.4.37-51.module+el8+1598+5e93bbc9.5.ML.1, mod_http2-1.15.7-5.module+el8+1598+5e93bbc9.4, mod_md-2.0.8-8.module+el8+1598+5e93bbc9 (AXSA:2023-5275:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5275:01 advisory. httpd: HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Tenable has extracted the preceding description block directly from the MiracleLinu...
TencentOS Server 4: httpd (TSSA-2024:0666)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0666 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 2: httpd (TSSA-2023:0060)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0060 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 3: mod_http2 (TSSA-2023:0047)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0047 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 3: httpd:2.4 (TSSA-2023:0200)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0200 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Exploit for HTTP Request Smuggling in Apache Http_Server
CVE 2023 25690 - Proof of Concept Published: 7 March 2023...
Azure Linux 3.0 Security Update: httpd / mod_http2 (CVE-2023-25690)
The version of httpd / modhttp2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25690 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP...
CVE-2023-25690 affecting package mod_http2 for versions less than 2.0.29-3
CVE-2023-25690 affecting package modhttp2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...
Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.
Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of RewriteRule or...
Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 - Resolves: RHEL-29817 - httpd:2.4/modhttp2: httpd:...
httpd:2.4 security update
httpd 2.4.37-64.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-64 - Resolves: RHEL-14448 - httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 2.4.37-63 - modxml2enc: fix media type handling Resolves: RHEL-14321 modhttp2 1.15.7-10 - Resolves: RHEL-29817 -...
CentOS 9 : mod_http2-1.15.19-5.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the modhttp2-1.15.19-5.el9 build changelog. - HTTP request splitting with modrewrite and modproxy CVE-2023-25690 Note that Nessus has not tested for this issue but has instead relied only o...
RHEL 8 : httpd:2.4 (RHSA-2023:1672)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1672 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting wi...
CentOS 7 : httpd (RHSA-2023:1593)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1593 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when...
Security Bulletin: Vulnerability in httpd (CVE-2023-25690) affects Power HMC
Summary HTTPD is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of...
Exploit for HTTP Request Smuggling in Apache Http_Server
CVE-2023-25690 Mô tả CVE-2023-25690: - Một vài cấu hình mod...
httpd and mod_http2 security, bug fix, and enhancement update
httpd 2.4.57-5.0.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-5 - Fix issue found by covscan - Related: 2222001 2.4.57-4 - Resolves: 2217726 - Make PROPFIND tolerant of deletion race 2.4.57-3 - Resolves: 2222001 - modstatus lists BusyWorkers IdleWorkers keys twice...
Vulnerabilities fixed in Oracle Hyperion
Vulnerabilities have been fixed in Oracle Hyperion products. A malicious party can exploit the vulnerabilities to gain full control to the Oracle Hyperion infrastructure. ------------------.------.------------------------------------- | CVE-ID | CVSS | Vector |...
GLSA-202309-01 : Apache HTTPD: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202309-01 Apache HTTPD: Multiple Vulnerabilities - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the...