
11631 matches found

OpenVAS
added 2023/10/19 12:0 a.m. · 39 views

Apache HTTP Server 2.4.17 - 2.4.57 DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.9 · AI score 8.6 · EPSS 0.03024
Exploits: 1 · References: 3

Kaspersky
added 2023/10/19 12:0 a.m. · 30 views

KLA61504 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Out of memory crash vulnerability in HTTP/2 stream memory can be exploited to cause denial of service 2. Out of...

CVSS 7.5 · AI score 7.7 · EPSS 0.70595
Exploits: 1 · References: 3

NCSC
added 2023/10/19 12:0 a.m. · 7 views

Vulnerabilities fixed in Oracle Fusion Middleware

Vulnerabilities have been fixed in Oracle Fusion Middleware. A malicious party can exploit the vulnerabilities to carry out attacks that can result in the following categories of damage: Denial-of-Service (DoS); Remote code execution; Administrator/Root privileges; Access to sensitive dat...

CVSS 9.8 · AI score 8.2 · EPSS 0.77901
Exploits: 14

Positive Technologies
added 2023/10/19 12:0 a.m. · 9 views

PT-2023-6410

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions through 2.4.57 Description: The issue is related to an out-of-bounds read vulnerability in the mod_macro module of the Apache HTTP Server. This vulnerability can be exploited by a remote attacker to cause a denial of...

CVSS 7.8 · AI score 8.2 · EPSS 0.99999
Exploits: 22 · References: 143

Tenable Nessus
added 2023/10/19 12:0 a.m. · 51 views

IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Information Disclosure (6998037)

The version of IBM HTTP Server running on the remote host is affected by an information disclosure vulnerability due to IBM GSKit which is used for SSL connections. An unauthenticated, remote attacker could exploit a timing-based side channel in the RSA Decryption implementation, by sending an...

CVSS 7.5 · AI score 7.5 · EPSS 0.00925
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/19 12:0 a.m. · 12 views

PT-2023-6452 · Apache +7 · Apache Http Server +7

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.55 through 2.4.57 Description: The issue is related to a HTTP/2 connection with an initial window size of 0, which can block handling of that connection indefinitely in Apache HTTP Server. This could be used to...

CVSS 7.8 · AI score 7.5 · EPSS 0.99999
Exploits: 22 · References: 79

AlmaLinux
added 2023/10/19 12:0 a.m. · 71 views

Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled (CVE-2023-3823); php: phar Buffer mismanagement (CVE-2023-3824); php: 1-byte array overrun in common path resolve code (CVE-2023-0568); php: DoS...

CVSS 9.8 · AI score 9.5 · EPSS 0.08003
Exploits: 6 · References: 14

Tenable Nessus
added 2023/10/19 12:0 a.m. · 54 views

FreeBSD : Apache httpd -- Multiple vulnerabilities (f923205f-6e66-11ee-85eb-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f923205f-6e66-11ee-85eb-84a93843eb75 advisory. - mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP...

CVSS 7.5 · AI score 7.4 · EPSS 0.70595
Exploits: 1 · References: 5

Tenable Nessus
added 2023/10/19 12:0 a.m. · 43 views

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2023-292-01)

The version of httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-292-01 advisory. - mod_macro buffer over-read: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTT...

CVSS 7.5 · AI score 7.4 · EPSS 0.70595
Exploits: 1 · References: 4

OSV
added 2023/10/19 12:0 a.m. · 33 views

ALSA-2023:5927 Important: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled (CVE-2023-3823); php: phar Buffer mismanagement (CVE-2023-3824); php: 1-byte array overrun in common path resolve code (CVE-2023-0568); php: DoS...

CVSS 9.8 · AI score 7.9 · EPSS 0.08003
Exploits: 6 · References: 14

Tenable Nessus
added 2023/10/19 12:0 a.m. · 16 views

IBM HTTP Server 8.5.5.22 < 8.5.5.24 DoS (6958522)

The version of IBM HTTP Server running on the remote host is affected by a denial of service (DoS) vulnerability, which could allow an unauthenticated, remote attacker to cause a denial of service using a specially crafted URL. Note that Nessus has not tested for this issue but has instead relied...

CVSS 7.5 · AI score 7.3 · EPSS 0.01116
Exploits: 0 · References: 2

Tenable Nessus
added 2023/10/19 12:0 a.m. · 2300 views

Apache 2.4.x < 2.4.58 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - Apache HTTP Server: DoS in HTTP/2 with initial windows size 0: An attacker, opening a HTTP/2 connection with an initial windo...

CVSS 7.5 · AI score 7.2 · EPSS 0.70595
Exploits: 1 · References: 2

FreeBSD
added 2023/10/19 12:0 a.m. · 83 views

Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST; CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows size 0; CVE-2023-31122: mod_macro buffer over-read...

CVSS 7.5 · AI score 7.2 · EPSS 0.70595
Exploits: 1 · References: 1

Malwarebytes
added 2023/10/18 1:0 a.m. · 36 views

Cisco IOS XE vulnerability widely exploited in the wild

An authentication bypass affecting Cisco IOS XE was disclosed on October 16, 2023. Researchers have found since then that the vulnerability is widely being exploited in the wild to help install implants on affected switches and routers. Cisco IOS XE is a universally deployed Internetworking...

CVSS 7.5 · AI score 7.9 · EPSS 0.99571
Exploits: 25

OSV
added 2023/10/17 10:15 p.m. · 5 views

CVE-2023-22019

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...

CVSS 7.5 · AI score 5.8 · EPSS 0.0051
Exploits: 0 · References: 1

NVD
added 2023/10/17 10:15 p.m. · 25 views

CVE-2023-22019

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...

CVSS 7.5 · AI score 7.2 · EPSS 0.0051
Exploits: 0 · References: 1

Prion
added 2023/10/17 10:15 p.m. · 22 views

Design/Logic Flaw

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...

CVSS 5 · AI score 7.4 · EPSS 0.0051
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2023/10/17 9:2 p.m. · 57 views

CVE-2023-22019

CVE-2023-22019 affects Oracle HTTP Server (Web Listener) within Oracle Fusion Middleware, specifically version 12.2.1.4.0. The vulnerability enables an unauthenticated attacker with network access via HTTP to compromise the server and potentially access all Oracle HTTP Server data. CVSS 3.1 base ...

CVSS 7.5 · AI score 7.2 · EPSS 0.0051
Exploits: 0 · References: 1 · Affected Software: 1

Rapid7 Blog
added 2023/10/17 7:50 p.m. · 95 views

CVE-2023-20198: Active Exploitation of Cisco IOS XE Zero-Day Vulnerability

On Monday, October 16, Cisco’s Talos group published a blog on an active threat campaign exploiting CVE-2023-20198, a “previously unknown” zero-day vulnerability in the web UI component of Cisco IOS XE software. IOS XE is an operating system that runs on a wide range of Cisco networking devices,...

CVSS 9 · AI score 8 · EPSS 0.99571
Exploits: 27

The Hacker News
added 2023/10/17 4:12 a.m. · 74 views

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that's under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is tracked as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring syste...

CVSS 10 · AI score 7.7 · EPSS 0.99571
Exploits: 25