Oracle Linux 7 : httpd (ELSA-2022-9675)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9675 advisory. 2.4.6-97.0.7.5 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) Orabug: 34381850 Tenable has extracted the preceding...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2199)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2022-1784 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. (CVE-2022-28330)...
EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2022-2180)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...
EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2022-2199)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...
Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions and obtain sensitive information due to multiple vulnerabilities.
Summary IBM HTTP Server (powered by Apache) for IBM i is vulnerable to bypass security restrictions due to failure to send headers (CVE-2022-31813), read unintended memory due to large inputs to ap_rwrite function (CVE-2022-28614), and read buffer beyond bound due to large input to ap_strcmp_match...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
Summary Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813, CVE-2022-30556. This has been addressed. Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP...
Exploit for Path Traversal in Apache Http_Server
Mitigation-CVE-2021-41773- Shell Script to mitigate CVE-2021-4...
Oracle Enterprise Manager Ops Center (Jul 2022 CPU)
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTTP...
Security Bulletin: IBM Rational Build Forge is vulnerable to HTTP request smuggling due to use of Apache HTTP server CVE-2022-22720
Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54. Vulnerability Details CVEID:CVE-2022-22720 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by the failure to close inbound connection when errors are...
Security Bulletin: IBM Rational Build Forge is vulnerable to disclosure of sensitive information due to use of Apache HTTP server (CVE-2022-28330).
Summary Apache HTTP server is used by IBM Rational Build Forge. This fix includes Apache Http Server 2.4.54. Vulnerability Details CVEID:CVE-2022-28330 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to rea...
Vulnerabilities fixed in Oracle Fusion Middleware
Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher Business Intelligence Enterprise Edition Coherence Global Lifecycle Management NextGen OUI Framework HTTP Server Managed File Transfer Middleware Common Libraries and Tools Security Service SOA Suite...
Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest
Summary IBM HTTP Server (IHS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang
The Prometheus client_golang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 23 / 9.0.0 < 9.0.0 Patch 16 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities, including the following: - An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would...
Amazon Linux 2 : httpd (ALAS-2022-1812)
The version of httpd installed on the remote host is prior to 2.4.54-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1812 advisory. An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to smugg...
EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2022-2053)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for...
WebSphere Application Server and IBM HTTP Server Security Bulletin List
Question Is there a list that contains the security bulletins that apply to WebSphere Application Server and IBM HTTP Server? Answer The following table is provided to help you locate WebSphere Application Server and IBM HTTP Server security bulletins. These are listed numerically by CVE number n...