SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:1573-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1573-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack...

Fedora 36 : httpd (2023-7df48f618b)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7df48f618b advisory. - new version 2.4.56 - security update for CVE-2023-27522 and CVE-2023-25690 Tenable has extracted the preceding description block directly from the...

Debian: Security Advisory (DSA-5376-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-136)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-136 advisory. Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form...

USN-5942-2: Apache HTTP Server vulnerability

USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Original advisory details: Lars Krapf discovered that the Apache HTTP Server modproxy module incorrectly handled certain configurations. A remote attacker...

K000133098: Apache vulnerability CVE-2023-25690

Security Advisory Description Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches...

Zyxel Unauthenticated LAN Remote Code Execution Exploit

This Metasploit module exploits a buffer overflow in the zhttpd binary /bin/zhttpd. It is present on more than 40 Zyxel routers and CPE devices. The code execution vulnerability can only be exploited by an attacker if the zhttp webserver is reachable. No authentication is required. After...

Important: httpd

Issue Overview: Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...

Important: httpd

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

Amazon Linux AMI : httpd24 (ALAS-2023-1711)

The version of httpd24 installed on the remote host is prior to 2.4.56-1.100. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1711 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5942-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5942-2 advisory. USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Tenable has extract...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0803-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0803-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

Important: httpd

Issue Overview: Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory. There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-115)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-115 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to cras...

[SECURITY] [DSA 5376-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2023 https://www.debian.org/security/faq -...

Important: httpd24

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-35452)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-35452 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-30641)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-30641 advisory. - Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...