Security Bulletin: IBM HTTP Server is vulnerable to denial of service due to libexpat (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to denial of service due to libexpat. This has been addressed. Vulnerability Details CVEID:CVE-2022-43680 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a use-after free created by overeager...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to arbitrary code execution due to Expat (CVE-2022-40674)

Summary IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On uses IBM HTTP Server that is vulnerable to arbitrary code execution due to Expat. The Expat library is used by IBM HTTP Server's WebDAV moddav support, but may also be used by third-par...

Oracle Linux 9 : httpd (ELSA-2022-8067)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8067 advisory. - Resolves: 2094997 - CVE-2022-26377 httpd: modproxyajp: Possible request smuggling - Resolves: 2097032 - CVE-2022-28615 httpd: out-of-bounds read in...

F5 BIG-IP iControl Cross Site Request Forgery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP iControl CSRF File Write SOAP API', 'Description' = %q This module exploits a cross-site request forgery CSRF vulnerability in F5...

AlmaLinux 9 : httpd (ALSA-2022:8067)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8067 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server...

SUSE SLED15 / SLES15 Security Update : java-17-openjdk (SUSE-SU-2022:4079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4079-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

AlmaLinux 9 : python3.9 (ALSA-2022:8353)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8353 advisory. - In Python aka CPython through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may...

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-43680_CVE-2013-0340_CVE-2017-9233)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2022-43680, CVE-2013-0340, CVE-2017-9233)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

CVE-2022-24942

Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request...

prometheus/client_golang: Denial of service using InstrumentHandlerCounter

A denial of service attack was found in prometheus/clientgolang. This flaw allows an attacker to produce a denial of service attack on an HTTP server by exploiting the InstrumentHandlerCounter function in the version below 1.11.1, resulting in a loss of availability...

Moderate: Red Hat Security Advisory: php security, bug fix, and enhancement update

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

httpd: mod_sed: Read/write beyond bounds

An out-of-bounds read/write vulnerability was found in the modsed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using modsed with data provided by the attacker...

httpd: mod_proxy_ajp: Possible request smuggling

An HTTP request smuggling vulnerability was found in the modproxyajp module of httpd. This flaw allows an attacker to smuggle requests to the AJP server, where it forwards requests...

httpd: mod_lua: DoS in r:parsebody

A flaw was found in the modlua module of httpd. A malicious request to a Lua script that calls parsebody0 can lead to a denial of service due to no default limit on the possible input size...

httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism

A flaw was found in the modproxy module of httpd. The server may remove the X-Forwarded- headers from a request based on the client-side Connection header hop-by-hop mechanism...

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RLSA-2022:8197 Moderate: php security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.20. BZ2095752 Security Fixes: php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in...

RLSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: modsed: Read/write beyond bounds CVE-2022-23943 httpd: modlua: Use of...

httpd security, bug fix, and enhancement update

An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...