
11632 matches found

AlmaLinux
added 2023/02/28 12:0 a.m. · 58 views

Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.27. BZ2161667 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cook...

CVSS 9.8 · AI score 8.9 · EPSS 0.49336
Exploits: 6 · References: 12
BDU FSTEC
added 2023/02/28 12:0 a.m. · 3 views

The vulnerability of the Micrium real-time operating system’s HTTP server allows attackers to execute arbitrary code.

The vulnerability of a real-time Micrium operating system’s HTTP server relates to buffer overflow attacks. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending a specially crafted HTTP request...

CVSS 10 · AI score 8.6 · EPSS 0.01862
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/02/28 12:0 a.m. · 4 views

PT-2023-20583 · Ibm · Ibm Http Server

Name of the Vulnerable Software and Affected Versions: IBM HTTP Server versions 8.5 Description: The issue allows a remote user to cause a denial of service using a specially crafted URL. Recommendations: For IBM HTTP Server version 8.5, consider restricting access to the server until a fix is...

CVSS 7.5 · AI score 7.2 · EPSS 0.01116
Exploits: 0 · References: 5
Tenable Nessus
added 2023/02/28 12:0 a.m. · 59 views

AlmaLinux 9 : httpd (ALSA-2023:0970)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0970 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value...

CVSS 9 · AI score 7.1 · EPSS 0.57941
Exploits: 0 · References: 4
OSV
added 2023/02/28 12:0 a.m. · 49 views

ALSA-2023:0970 Moderate: httpd security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001); httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760); httpd: mod_proxy: HTTP response splitting...

CVSS 9 · AI score 7.8 · EPSS 0.57941
Exploits: 0 · References: 8
Tenable Nessus
added 2023/02/28 12:0 a.m. · 70 views

Oracle Linux 9 : httpd (ELSA-2023-0970)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0970 advisory. - Resolves: 2165970 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: 2165973 - CVE-2022-37436 httpd: mod_proxy: HTTP...

CVSS 9 · AI score 7.1 · EPSS 0.57941
Exploits: 0 · References: 4
Tenable Nessus
added 2023/02/28 12:0 a.m. · 67 views

RHEL 9 : httpd (RHSA-2023:0970)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0970 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav:...

CVSS 9 · AI score 7.1 · EPSS 0.57941
Exploits: 0 · References: 9
IBM Security Bulletins
added 2023/02/27 9:13 p.m. · 41 views

Security Bulletin: IBM HTTP Server is vulnerable to a denial of service (CVE-2023-26281)

Summary IBM HTTP Server, which is used by IBM WebSphere Application Server, is vulnerable to a denial of service using a specially crafted URL. This has been addressed in the remediation section below. Vulnerability Details CVEID:CVE-2023-26281 DESCRIPTION: IBM HTTP Server used by IBM WebSphere...

CVSS 7.5 · AI score 6.6 · EPSS 0.01116
Exploits: 0 · Affected Software: 1
ICS
added 2023/02/27 8:46 p.m. · 67 views

Mitsubishi Electric MELSOFT iQ AppPortal

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT iQ AppPortal Vulnerabilities: HTTP Request Smuggling, Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of these...

CVSS 9.8 · AI score 10 · EPSS 0.18886
Exploits: 2 · References: 4
Friends Of PHP
added 2023/02/27 3:5 p.m. · 30 views

ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits

Summary Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the...

CVSS 7.5 · AI score 6.8 · EPSS 0.01408
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2023/02/24 9:41 a.m. · 21 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

AI score 6.9
Exploits: 0 · Affected Software: 2
Tenable Nessus
added 2023/02/23 12:0 a.m. · 44 views

Tenable SecurityCenter 5.22.0 / 5.23.1 / 6.0.0 Apache Header Truncation (TNS-2023-06)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host has a third-party software vulnerability in Apache HTTP Server. Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in so...

CVSS 5.3 · AI score 7.3 · EPSS 0.57941
Exploits: 0 · References: 3
Tenable Nessus
added 2023/02/23 12:0 a.m. · 80 views

Amazon Linux 2 : httpd (ALAS-2023-1938)

The version of httpd installed on the remote host is prior to 2.4.55-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1938 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

CVSS 9 · AI score 7 · EPSS 0.57941
Exploits: 0 · References: 8
OSV
added 2023/02/22 1:8 a.m. · 54 views

RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001); httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760); httpd: mod_proxy: HTTP response splitting...

CVSS 7.5 · AI score 7.8 · EPSS 0.57941
Exploits: 0 · References: 5
F5 Networks
added 2023/02/22 1:6 a.m. · 44 views

K000132643: Apache HTTP server vulnerability CVE-2022-36760

Security Advisory Description Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4...

CVSS 9 · AI score 7.3 · EPSS 0.01879
Exploits: 0 · Affected Software: 15
Tenable Nessus
added 2023/02/22 12:0 a.m. · 54 views

Oracle Linux 8 : httpd:2.4 (ELSA-2023-0852)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0852 advisory. - Resolves: 2165976 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte - Resolves: 2165977 - CVE-2022-37436 httpd: mod_proxy: HTTP...

CVSS 9 · AI score 7.1 · EPSS 0.57941
Exploits: 0 · References: 4
F5 Networks
added 2023/02/21 8:2 p.m. · 73 views

K54207009: Apache mod_remoteip vulnerability CVE-2019-10097

Security Advisory Description In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer dereference. This vulnerability could only...

CVSS 7.2 · AI score 6.7 · EPSS 0.52873
Exploits: 0
F5 Networks
added 2023/02/21 8:0 p.m. · 113 views

K16090693: Apache HTTP server vulnerability CVE-2021-44224

Security Advisory Description A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint...

CVSS 8.2 · AI score 7.7 · EPSS 0.82295
Exploits: 0
F5 Networks
added 2023/02/21 7:59 p.m. · 37 views

K15865: Apache HTTP server vulnerability CVE-2012-4558

Security Advisory Description Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject...

CVSS 4.3 · AI score 5.9 · EPSS 0.22913
Exploits: 2 · Affected Software: 1
F5 Networks
added 2023/02/21 7:57 p.m. · 86 views

K92153852: Apache httpd vulnerability CVE-2022-30522

Security Advisory Description If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. CVE-2022-30522 Impact There is no impact; F5 products are...

CVSS 7.5 · AI score 8.1 · EPSS 0.90407
Exploits: 0