Oracle Linux 8 : httpd:2.4 (ELSA-2019-3436)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3436 advisory. - In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in modauthdigest when running in a threaded server could allow a user with valid...

Oracle Linux 8 : python38:3.8 (ELSA-2020-4641)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4641 advisory. - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote...

Oracle Linux 7 : httpd (ELSA-2020-3958)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3958 advisory. - Resolves: 1823262 - CVE-2020-1934 httpd: modproxyftp use of uninitialized value - Resolves: 1565491 - CVE-2017-15715 httpd: bypass with a trailing...

PT-2023-9026

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.59 Description The issue is related to HTTP Response splitting in multiple modules in Apache HTTP Server, which allows an attacker to inject malicious response headers into backend applications, causing...

The vulnerability of the Lightweight HTTP Server component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a attacker to induce a service failure.

The vulnerability of the Lightweight HTTP Server component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Exploit for CVE-2023-4634

CVE-2023-4634 RCE Exploit for Wordpress Plugin Media-Library P...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application and IBM HTTP Server included as part of IBM Tivoli Monitoring ITM portal server: CVE-2023-25690, CVE-2023-24966, CVE-2023-24998, CVE-2023-27554, CVE-2022-39161, CVE-2023-32342 and CVE-2023-35890. The remediati...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request splitting attacks due to an error using mod_proxy (CVE-2023-25690).

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP request splitting attacks due to an error using modproxy as described in the vulnerability details section. IBM i has addressed the vulnerability by providing a fix to the Apache HTTP Server implementation as described in t...

IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.23 / 9.0.0.0 < 9.0.5.14 Code Execution

The version of IBM HTTP Server running on the remote host is affected by an arbitrary code execution vulnerability in the Expat library. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase [CVE-2023-32342]

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2023-32342 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affecte...

httpd: mod_proxy: HTTP response splitting

A flaw was found in the modproxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client...

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 (RHSA-2023:4629)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4629 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

CVE-2023-40225

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpre...

mod_auth_openidc:2.3 security update

An update is available for module.modauthopenidc, cjose, module.cjose, modauthopenidc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an...

PT-2023-9250 · Actiontec · Actiontec Wcb6200Q

Name of the Vulnerable Software and Affected Versions: Actiontec WCB6200Q affected versions not specified Description: The issue is related to a stack-based buffer overflow in the uh get postdata withupload function of the HTTP server in Actiontec WCB6200Q Wi-Fi range extenders. This allows a...

Exploit for Path Traversal in Apache Http_Server

PoC exploit for CVE-2021-41773 and CVE-2021-42013, two vulnerabi...

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...