Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 31 / 9.0.0 < 9.0.0 Patch 24 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities, including the following: - A vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands become...
Command injection
Command injection vulnerability in Druva inSync 6.9.0 for macOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the Python os.system library...
Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2022-22719)
Summary: IBM Rational Build Forge is affected by CVE-2022-22719. Vulnerability Details: CVEID: CVE-2022-22719. DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a random memory area, a remote attacker could exploit this...
Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2022-22721)
Summary: IBM Rational Build Forge is affected by CVE-2022-22721. Vulnerability Details: CVEID: CVE-2022-22721. DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by an integer overflow. By sending an overly large LimitXMLRequestBody, a remote attacker could overflow a buffer...
PT-2022-6218 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.54 and prior versions. Description: The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod_proxy_ajp module of the Apache HTTP Server. This...
SUSE SLES15 Security Update : apache2 (SUSE-SU-2022:2338-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2338-1 advisory. - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows a...
SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2022:2342-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2342-1 advisory. - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache...
CVE-2021-36667
CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...
CVE-2021-36667
Command injection vulnerability in Druva inSync 6.9.0 for macOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the Python os.system library...
F5 Networks BIG-IP : Apache HTTP server vulnerability (K40582331)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K40582331 advisory. Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in...
Rocky Linux 8 : httpd:2.4 (RLSA-2022:5163)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5163 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Leng...
Amazon Linux AMI : httpd24 (ALAS-2022-1607)
The version of httpd24 installed on the remote host is prior to 2.4.54-1.98. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1607 advisory. An HTTP request smuggling vulnerability was found in the mod_proxy_ajp module of httpd. This flaw allows an attacker to...
Fedora: Security Advisory for httpd (FEDORA-2022-b54a8dee29)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: httpd-2.4.54-1.fc35
The Apache HTTP Server is a powerful, efficient, and extensible web server...
F5 Networks BIG-IP : Apache HTTP server vulnerability (K58003591)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K58003591 advisory. - The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker ca...
CLSA-2022-1656958687 Fixed CVE-2022-31813 in httpd-39.module_el8.4.0+2066+54659116.1.tuxcare.els8
ELS-190: Fix undefined reference to PROXY_SHOULD_PING_100_CONTINUE in ap_proxy_create_hdrbrgd that occurred in httpd-2.4.37-CVE-2022-31813.patch...
Important: Red Hat Security Advisory: rh-php73-php security and bug fix update
An update for rh-php73-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Jenkins XebiaLabs XL Release Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins XebiaLabs XL Release Plugin 22.0....
[SECURITY] Fedora 36 Update: httpd-2.4.54-3.fc36
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...