BIT-NODE-2024-27982

The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in ...

Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users

Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan RAT on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...

RHEL 4 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd information disclosure in FileEtag CVE-2003-1418 - httpd: HTTP request smuggling attack against...

RHEL 5 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: modmime buffer overread CVE-2017-7679 - httpd: Weak Digest auth nonce generation in modauthdigest...

RHEL 6 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - firefox: Possible integer overflow to fix inside XMLParse in Expat CVE-2016-9063 - httpd: Weak Digest aut...

ROS-20240603-04

Vulnerability of modproxy module of Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker, acting remotely to perform HTTP response splitting attacks...

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory OOM...

Security Bulletin: IBM Aspera Console has addressed multiple HTTP vulnerabilities (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)

Summary This Security Bulletin addresses security vulnerabilities related to HTTP responses that would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information CVE-2022-43841, CVE-2024-24795, CVE-2023-38709...

[SECURITY] Fedora 40 Update: qt6-qthttpserver-6.7.1-1.fc40

Library to facilitate the creation of an http server with Qt...

F5 NGINX Plus and NGINX Open Source Denial of Service Vulnerabilities

NGINX is an HTTP and reverse proxy server, email proxy server and general purpose TCP/UDP proxy server. A denial of service vulnerability exists in F5 NGINX Plus and NGINX Open Source, which can be exploited by an unauthenticated, remote attacker to cause a denial of service...

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...

SUSE CVE-2021-47544

In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar...

PT-2024-4676 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to serving WebSocket protocol upgrades over a HTTP/2 connection, which could result in a Null Pointer dereference. This can lead to a crash of the server...

Fedora: Security Advisory (FEDORA-2024-937be154d8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-d0dccd6b96)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3818-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS -...

BIT-FLUENT-BIT-2024-4323 Fluent Bit Memory Corruption Vulnerability

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution...

RHEL 8 : httpd:2.4 (RHSA-2024:3121)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3121 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro:...

python -- several vulnerabilities

Hugo van Kemenade reports: Python 3.14.2 and 3.13.11 are now available ... and come with some bonus security fixes. gh-142145: Remove quadratic behavior in node ID cache clearing CVE-2025-12084 gh-119451: Fix a potential denial of service in http.client only in 3.13; CVE-2025-13836 gh-119452: Fix...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...