Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5839-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5839-2 advisory. USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

USN-5839-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server moddav module incorrectly handled certain If: request headers. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2006-20001 ZeddYuLu discovered that the Apache HTTP Server modproxyajp...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache HTTP Server vulnerabilities (USN-5839-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5839-1 advisory. It was discovered that the Apache HTTP Server moddav module incorrectly handled certain If: request headers. A remote attacker...

Ubuntu: Security Advisory (USN-5834-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5834-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server moddav module did not properly handle specially crafted request headers. A remote attacker could possibly use this issue to cause the process to crash, leading to a denial of service. CVE-2006-20001 It was discovered that the Apache HTTP Server...

The vulnerability of the httpd parse_ping_result API of the microprogramming software for InHand Networks’ InRouter302 routers arises from copying buffers without checking the size of the input data. This allows attackers to execute arbitrary code.

The vulnerability of the httpd parsepingresult API of the microprogramming software for InHand Networks InRouter302 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5834-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5834-1 advisory. It was discovered that the Apache HTTP Server moddav module did not properly handle specially crafted request headers. A remote attacker could possibly u...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1260)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2023-1675111607 httpd: Fix of CVE-2022-36760

CVE-2022-36760: modproxyajp: fix possible HTTP request smuggling...

CLSA-2023-1675111450 httpd: Fix of CVE-2022-36760

CVE-2022-36760: modproxyajp: fix possible HTTP request smuggling...

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2023-1260)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is...

PT-2023-2262 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.55 uWSGI PyPI package versions prior to 2.0.22 Description: The issue is related to HTTP Response Smuggling vulnerability in Apache HTTP Server via mod proxy uwsgi. Special characters in the orig...

Fedora: Security Advisory for httpd (FEDORA-2023-f6ff3f85eb)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 37 Update: httpd-2.4.55-1.fc37

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora 37 : httpd (2023-f6ff3f85eb)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f6ff3f85eb advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0183-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0183-1 advisory. - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location...

Rocky Linux 9 : httpd (RLSA-2022:8067)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8067 advisory. - Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop...

GHSA-GMHF-37FX-C4Q8 Missing permission checks in Jenkins Orka Plugin allow capturing credentials

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2023-24432

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...