
11629 matches found

OSV
added 2024/04/30 12:0 a.m., 36 views

ALSA-2024:2278 Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5, AI score 7.5, EPSS 0.02978
Exploits: 0, References: 4

Tenable Nessus
added 2024/04/30 12:0 a.m., 45 views

RHEL 9 : mod_http2 (RHSA-2024:2368)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2368 advisory. The mod_http2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd:...

CVSS 7.5, AI score 7.5, EPSS 0.99999
Exploits: 20, References: 9

AlmaLinux
added 2024/04/30 12:0 a.m., 47 views

Moderate: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5, AI score 6.6, EPSS 0.02978
Exploits: 0, References: 4

AlmaLinux
added 2024/04/30 12:0 a.m., 62 views

Moderate: mod_jk and mod_proxy_cluster security update

The mod_jk module is a plugin for the Apache HTTP Server to connect it with the Apache Tomcat servlet engine. The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fixes: httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure...

CVSS 7.5, AI score 6.1, EPSS 0.02242
Exploits: 5, References: 6

Ubuntu
added 2024/04/29 11:31 a.m., 102 views

USN-6729-3: Apache HTTP Server vulnerabilities

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue ...

CVSS 7.5, AI score 7.4, EPSS 0.91327
Exploits: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 27 views

Fedora 40 : llhttp / python-aiohttp (2024-2f15e6e876)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-2f15e6e876 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...

CVSS 6.5, AI score 7, EPSS 0.01155
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/29 12:0 a.m., 35 views

Fedora 40 : httpd (2024-937be154d8)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-937be154d8 advisory. This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES_2.4.59 for complet...

CVSS 7.3, AI score 7.1, EPSS 0.03914
Exploits: 0, References: 3

Tenable Nessus
added 2024/04/29 12:0 a.m., 25 views

Fedora 40 : nodejs20 (2024-2ffe03eaa6)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2ffe03eaa6 advisory. 2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS. This is a security release. Notable Changes: CVE-2024-27983 - Assertion failed in...

CVSS 8.2, AI score 7.3, EPSS 0.87211
Exploits: 1, References: 3

Tenable Nessus
added 2024/04/29 12:0 a.m., 28 views

Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-606)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-606 advisory. This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then...

CVSS 6.5, AI score 6.3, EPSS 0.01685
Exploits: 1, References: 4

Tenable Nessus
added 2024/04/29 12:0 a.m., 305 views

Ubuntu 24.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-3)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the...

CVSS 7.5, AI score 7.5, EPSS 0.91327
Exploits: 2, References: 4

Redos
added 2024/04/25 12:0 a.m., 55 views

ROS-20240425-01

A vulnerability in the HTTP/2 protocol implementation of the Apache HTTP Server is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. Exploitation of the vulnerability could allow an...

CVSS 7.5, AI score 7.9, EPSS 0.91327
Exploits: 2

Redos
added 2024/04/23 12:0 a.m., 50 views

ROS-20240423-01

An Apache HTTP Server vulnerability is related to blocking of HTTP/2 connection processing if the connection was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of servic...

CVSS 7.5, AI score 8.8, EPSS 0.99999
Exploits: 19

IBM Security Bulletins
added 2024/04/22 11:2 a.m., 42 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2024-24795, CVE-2023-38709)

Summary: IBM HTTP Server is used by IBM WebSphere Application Server (WAS) in IBM Rational ClearQuest server and web components. Information about security vulnerability affecting IBM HTTP Server used by WAS has been published in a security bulletin. Vulnerability Details: Refer to the security...

CVSS 7.3, AI score 6.2, EPSS 0.03914
Exploits: 0, Affected Software: 1

OpenVAS
added 2024/04/22 12:0 a.m., 21 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1543)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.5, AI score 6.8, EPSS 0.01685
Exploits: 2, References: 2

Tenable Nessus
added 2024/04/20 12:0 a.m., 43 views

Fedora 39 : llhttp / python-aiohttp / uxplay (2024-f83b123d63)

The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-f83b123d63 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp...

CVSS 6.5, AI score 7, EPSS 0.01155
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/20 12:0 a.m., 29 views

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:1355-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1355-1 advisory. - The team has identified a vulnerability in the http server of the most recent version of Node, where malformed headers can lead t...

CVSS 8.2, AI score 7.5, EPSS 0.87211
Exploits: 1, References: 7

Tenable Nessus
added 2024/04/20 12:0 a.m., 25 views

Fedora 38 : llhttp / python-aiohttp / uxplay (2024-5dc487ee89)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-5dc487ee89 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Additionally, llhttp 9.2.0 contained a number of bug fixes. Backport llhttp 9.2.1 support to python-aiohttp...

CVSS 6.5, AI score 7, EPSS 0.01155
Exploits: 0, References: 2

NVD
added 2024/04/19 9:15 p.m., 13 views

CVE-2024-31991

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...

CVSS 4.1, AI score 4.2, EPSS 0.00316
Exploits: 0, References: 4

OSV
added 2024/04/19 3:20 p.m., 6 views

SUSE-SU-2024:1355-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)...

CVSS 8.2, AI score 8.3, EPSS 0.87211
Exploits: 1, References: 5

Tenable Nessus
added 2024/04/19 12:0 a.m., 35 views

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1524)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw allows a malicious HTTP server to set 'super cookies' in curl that are then passed back to more origins than what is...

CVSS 6.5, AI score 6.3, EPSS 0.01685
Exploits: 2, References: 3