Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948); Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)...
CLSA-2022-1663184139 Fixed CVE-2021-28861 in python3
CVE-2021-28861: fix redirection vulnerability in http.server - fix tests to be compatible with expat 2.2.5...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Digital Business Automation Workflow family products
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow and IBM Business Process Manager
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-13938, CVE-2021-30641)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a securi...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2291)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-2291)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...
EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-2320)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...
CVE-2021-34798. NULL pointer dereference in httpd core.
Security Advisory ID : BSA-2022-1597 Component : Apache httpd Revision : 1.0 Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. Affected Products All versions of Brocade Fabric OS...
Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption
Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET http-client Set-Cookie Session Cookie HTTP/2 200 OK http-server WebSocket Handshake "Sec-WebSocket-Key" websocket-client WebSocket Handshake "Sec-WebSocket-Accept"...
Security Bulletin: Potential security exposure with IBM HTTP Server 8.0 and earlier (PM46234) (CVE-2011-3192)
Summary Crafted range requests can result in potential denial of service with IBM HTTP Server (IHS). Vulnerability Details Potential denial of service from attack using crafted range requests. CVE Reference: CVE-2011-3192. Affected Products and Versions Affected: IBM HTTP Server (IHS) Versions 2.0...
Security Bulletin: IBM HTTP Server CPU utilization (CVE-2014-0963)
Summary IBM HTTP Server is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM HTTP Server is affected by a problem with the handling of certain S...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35
Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.35, IBM WebSphere Application Server Hypervisor 7.0.0.35 and IBM HTTP Server 7.0.0.35. Vulnerability Details CVE ID: CVE-2014-3021 APAR PI08268 DESCRIPTION: IBM WebSphere Application Server cou...
Security Bulletin: Potential Denial of service vulnerability in IBM HTTP Server (CVE-2013-6329)
Summary A potential denial of service vulnerability in SSL handshake processing in IBM HTTP Server (IHS). Vulnerability Details CVEID: CVE-2013-6329 Description: Potential denial of service in SSL handshake processing. CVSS Base Score: 7.1 CVSS Temporal Score: See...
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9
Summary Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9 and IBM WebSphere Application Server Hypervisor 8.0.0.9. Vulnerability Details CVE ID: CVE-2013-6323 PI04777 and PI04880 DESCRIPTION: The Administration Console of IBM WebSphere Application...
Security Bulletin: Potential denial of service may affect IBM HTTP Server on Windows (CVE-2015-1829)
Summary There is a potential denial of service that may affect IBM HTTP Server on Windows (CVE-2015-1829). Exploiting the attack requires local access to the server system. Vulnerability Details CVEID: CVE-2015-1829 DESCRIPTION: Apache Portable Runtime is vulnerable to a denial of service, caused b...
Security Bulletin: Potential vulnerability in IBM HTTP Server (CVE-2016-8743)
Summary There is a potential response splitting attack vulnerability in IBM HTTP Server. The fix for CVE-2016-8743 supersedes CVE-2016-4975. Vulnerability Details CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTPD is vulnerable to HTTP response splitting attacks, caused by improper validation of...
Security Bulletin: Stack Buffer overflow may affect IBM HTTP Server (CVE-2015-4947)
Summary Stack buffer overflow may affect IBM HTTP Server. The IBM HTTP Server is used by IBM WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer overflow, caused by improper handling of...