Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2023-25690)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Advisory ROSA-SA-2023-2161

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: httpd-2.4.37-51.rv3.5.src.rpm CVE-ID: CVE-2022-28614 BDU-ID: 2022-04102 CVE-Crit: MEDIUM CVE-DESC: A vulnerability in the aprwrite function of the Apache HTTP Server web server is related to integer overflow. Exploitation of the...

Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2023-26281)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVE-2022-36760 - HTTP Request Smuggling

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions...

NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing...

[SECURITY] [DLA 3408-1] jruby security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3408-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...

FreeBSD : h2o -- Malformed HTTP/1.1 causes Out-of-Memory Denial of Service (4da51989-5a8b-4eb9-b442-46d94ec0802d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4da51989-5a8b-4eb9-b442-46d94ec0802d advisory. - H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to...

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF020 and 22.0.2-IF004. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...

CVE-2023-30847

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

CVE-2023-30847

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

Design/Logic Flaw

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

CVE-2023-30847

CVE-2023-30847 affects the H2O HTTP server. In versions up to 2.3.0-beta2, the reverse proxy handler could read from an uninitialized pointer when processing a certain invalid HTTP request, potentially causing crashes or information leakage to backend servers. The issue was fixed by PR 3229 and m...

CVE-2023-30847

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

Advisory ROSA-SA-2023-2160

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2021-36160 BDU-ID: 2021-06099 CVE-Crit: HIGH CVE-DESC: A vulnerability in the modproxyuwsgi function of the Apache HTTP Server web server is related to reading data outside of the specified buffer. Exploitatio...

Advisory ROSA-SA-2023-2159

Software: httpd 2.4.37 OS: ROSA Virtualization 2.1 packageevrstring: 2.4.37 CVE-ID: CVE-2006-20001 BDU-ID: 2023-01105 CVE-Crit: HIGH CVE-DESC: A vulnerability in the moddav module of the Apache HTTP Server web server is related to an operation exceeding buffer boundaries. Exploitation of the...

Advisory ROSA-SA-2023-2158

Software: httpd 2.4.6 OS: rosa-server79 packageevrstring: 2.4.6-98.7 CVE-ID: CVE-2021-40438 BDU-ID: 2021-04820 CVE-Crit: CRITICAL CVE-DESC: A vulnerability in the modproxy module of the Apache HTTP Server web server is related to insufficient validation of incoming requests. Exploitation of the...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a denial of service due to IBM HTTP Server (CVE-2023-26281)

Summary Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a denial of service. This is due to IBM HTTP Server, used by IBM WebSphere Application Server, which is vulnerable to a denial of service using a...

NewStart CGSL MAIN 6.06 : httpd Multiple Vulnerabilities (NS-SA-2023-1001)

The remote NewStart CGSL host, running version MAIN 6.06, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily...

KODExplorer 4.49 Cross Site Request Forgery / Shell Upload

Exploit Title: KodExplorer ' path = '/data/User/admin/home/' targetpath = input' Target KODExplorer path ex /var/www...

httpd: HTTP request splitting with mod_rewrite and mod_proxy

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...