11631 matches found
SUSE-SU-2024:1301-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.12.1. Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscatio...
Micrium OS Network HTTP Server Security Vulnerability
Micrium OS Network HTTP Server is an application from Micrium Corporation, USA. A security vulnerability exists in Micrium OS Network HTTP Server that stems from the presence of an invalid pointer dereference, resulting in a device crash and a denial of service (DoS) attack...
Oracle HTTP Server Security Vulnerability in Oracle Fusion Middleware
Oracle Fusion Middleware and Oracle HTTP Server are both products of Oracle Corporation. Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and other capabilities. Oracle HTTP Server is the Web...
PT-2024-3098 · Micrium · Micrium Os Network Http Server
Name of the Vulnerable Software and Affected Versions: Micrium OS Network HTTP Server affected versions not specified Description: A bug in the Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing, potentially allowing a device crash and Denial of Service...
PT-2024-3197 · Oracle · Oracle Http Server
Name of the Vulnerable Software and Affected Versions: Oracle HTTP Server version 12.2.1.4.0 Description: The issue is related to insufficient protection of service data in the Web Listener component of Oracle HTTP Server, allowing an unauthenticated attacker with network access via HTTP to...
Debian dsa-5662 : apache2 - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) - Faulty input...
OESA-2024-1412 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...
USN-6729-1: Apache HTTP Server vulnerabilities
Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2023-38709) Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validatin...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Apache HTTP Server vulnerabilities (USN-6729-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-1 advisory. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use...
Important: httpd:2.4/mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-38709, CVE-2024-24795)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2023-52425)
Summary IBM HTTP Server is used by IBM WebSphere Application Server WAS in IBM Rational ClearQuest server and web components. Information about security vulnerability affecting IBM HTTP Server used by WAS has been published in a security bulletin. Vulnerability Details Refer to the security...
AlmaLinux 9 : nodejs:20 (ALSA-2024:1688)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1688 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding (Marvin) (CVE-2023-46809) nodejs: reading unprocessed HTTP reques...
Vulnerabilities fixed in Apache HTTP Server
Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS). Apache has released updates to fix the vulnerabilities in Apache server 2.4.59...
Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36395)
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.58 and earlier versions, which can be exploited t...
Apache HTTP Server Response Splitting Vulnerability (CNVD-2024-36394)
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a response splitting vulnerability that can be exploited by an attacker to inject arbitrary HTTP...
Apache HTTP Server Resource Management Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable and can be expanded through a simple API. A resource management error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause memory...
Internet Bug Bounty: Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
The Apache HTTP Server vulnerability CVE-2024-27316 was recently discovered. HTTP/2 incoming headers exceeding the limit were temporarily buffered in nghttp2 to generate an HTTP 413 response. However, if the client did not stop sending headers, this led to memory exhaustion. The vulnerability was...
Apache HTTP Server: HTTP response splitting
...
Oracle Linux 8 : nodejs:20 (ELSA-2024-1687)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1687 advisory. - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 high Tenable has extracted the preceding description block directly from the Oracl...