Alibaba Cloud Linux 3 : 0133: httpd:2.4 (ALINUX3-SA-2022:0133)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0133 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-13950: Apache HTTP Server version...

Alibaba Cloud Linux 3 : 0145: httpd:2.4 (ALINUX3-SA-2023:0145)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0145 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-27522: HTTP Response Smuggling vulnerabili...

Alibaba Cloud Linux 3 : 0023: httpd:2.4 (ALINUX3-SA-2022:0023)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0023 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-22720: Apache HTTP Server 2.4.52 and earli...

Alibaba Cloud Linux 3 : 0116: httpd:2.4 (ALINUX3-SA-2024:0116)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-31122: Out-of-bounds Read...

Alibaba Cloud Linux 3 : 0017: httpd:2.4 (ALINUX3-SA-2022:0017)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0017 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-0190: A bug exists in the way...

Alibaba Cloud Linux 3 : 0144: httpd:2.4 (ALINUX3-SA-2023:0144)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0144 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2006-20001: A carefully crafted If:...

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

PT-2025-20898 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an XML Entity Injection vulnerability. No specific details about affected devices, real-world incidents, or technical exploitation details such as API endpoint...

PT-2025-21639 · Undefined · Undefined

CVE-2025-4668 - Apache HTTP Server Deserialization Vulnerability CVE ID : CVE-2025-4668 Published : May 13, 2025, 9:16 p.m. | 2 hours, 7 minutes ago Description : Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and...

PT-2025-20895 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a denial of service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue w...

PT-2025-20894 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns unvalidated user input. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...

PT-2025-20893 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure in the Apache HTTP Server. No specific details about the nature of the disclosure or how it can be exploited are provided. There is n...

Important: mod_auth_openidc security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: modauthopenidc allows OIDCProviderAuthRequestMethod POSTs to leak...

PT-2025-20613 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an unvalidated redirect in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or real-worl...

PT-2025-20610 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unvalidated user input in the Apache HTTP Server. No further details are available regarding the estimated number of potentially affected devices or real-world incidents...

PT-2025-20611 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns unvalidated user input in the Apache HTTP Server. No further details are available about the nature of the issue or its potential impact. Recommendations: At the moment,...

[SECURITY] [DSA 5917-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5917-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2025 https://www.debian.org/security/faq -...

RLSA-2024:7457 Moderate: mod_jk bug fix update

The modjk module is an Apache HTTP Server plug-in that enables the Apache HTTP Server to connect with the Apache Tomcat servlet engine. Bug Fixes: Rebase to upstream 1.2.50 release JIRA:Rocky Linux-58855 Security fixes: modjk: information Disclosure / DoS CVE-2024-46544 JIRA:Rocky Linux-59800...

RLSA-2024:4720 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...

RLSA-2024:5289 Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: DoS when using OIDCSessionType client-cookie and manipulating...