11633 matches found
Security Bulletin: Vulnerabilities in Bash affect “WebSphere Message Broker v8 HVE” and “IBM Integration Bus V9 HVE” (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary: Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by “WebSphere Message Broker v8 HVE” and “IBM Integration Bus V9 HVE”...
Security Bulletin: Vulnerability in SSLv3 affects IBM Intelligent Operations Center and related products, and Integrated Information Core (CVE-2014-3566)
Summary: SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM HTTP Server and IBM WebSphere Application Server, used by the IBM products listed below. Vulnerability Details: CVE ID: CVE-2014-3566...
CVE-2022-30953
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2243)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2222)
The remote host is missing an update for the Huawei EulerOS...
Exploit for Improper Certificate Validation in Microsoft
CVE-2022-26923-Powershell-POC A powershell poc to load and aut...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-2243)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...
Oracle Linux 6 : httpd (ELSA-2022-9714)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9714 advisory. 2.2.15-69.0.5 - handle large writes in ap_rputs (CVE-2022-28614) [Orabug: 34317854] Tenable has extracted the preceding description block directly from the Oracle Lin...
httpd security update
2.2.15-69.0.5 - handle large writes in ap_rputs (CVE-2022-28614) [Orabug: 34317854]...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-2256)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...
Security Bulletin: Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System
Summary: Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with Cloud Pak System. Cloud Pak System has addressed these vulnerabilities. Vulnerability Details: CVEID: CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system,...
Puma: Multiple Vulnerabilities
Background: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack. Description: Multiple vulnerabilities have been discovered in Puma. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details...
Oracle Linux 8 : httpd:2.4 (ELSA-2022-9682)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9682 advisory. httpd 2.4.37-47.0.2.2 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and Tenable has extracted the preceding description block directly from the Oracl...
Motion: Denial of service
Background: Motion is a program that monitors the video signal from one or more cameras and is able to detect motions. Description: The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a...
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
Summary: Apache HTTP Server provides HTTP services for SiteProtector. IBM Security SiteProtector System has addressed the following vulnerabilities in an express update (CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813 and CVE-2022-30556). Vulnerability Details...
Oracle Linux 9 : httpd (ELSA-2022-9680)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9680 advisory. 2.4.51-7.0.2 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) [Orabug: 34381949] Tenable has extracted the preceding...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Apache / 2.4.49 CVE-2021-41773 exploit by G...
php security update
An update is available for php. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
Important: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Oracle Linux 6 : httpd (ELSA-2022-9676)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9676 advisory. - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) [Orabug: 34317859] Tenable has extracted the preceding description block...