Ubuntu: Security Advisory (USN-5487-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Jenkins Plugin EasyQA 跨站请求伪造漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...

SUSE SLES15 Security Update : golang-github-prometheus-node_exporter (SUSE-SU-2022:2137-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2137-1 advisory. - clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache HTTP Server vulnerabilities (USN-5487-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5487-1 advisory. It was discovered that Apache HTTP Server modproxyajp incorrectly handled certain crafted request. A remote attacker...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773-Apache-RCE A flaw was found in a change made to...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1893)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2022-1893)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2022:2099-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2099-1 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows a...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin -- CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813,...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-1867)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1843)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...

EulerOS 2.0 SP9 : httpd (EulerOS-SA-2022-1867)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...

Insecure Access Control

Apache HTTP Server has insecure access control. The vulnerability exists due to the system not sending the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism...

Denial Of Service (DoS)

Apache HTTP Server is vulnerable to denial of service. The vulnerability exists due to a lack of sanitization with modsed in contexts where the input to modsed may be very large, modsed may make excessively large memory allocations and trigger an abort...

Buffer Overflow

Apache HTTP Server is vulnerable to buffer overflow. The vulnerability exists due to a lack of sanitization of the return lengths to applications calling r:wsread that point past the end of the storage allocated for the buffer...

Out-of-Bounds Read

Apache HTTP Server is vulnerable to out of bounds read. The vulnerability exists due to a memory corruption when configured to process requests with the modisapi module...

Siemens Apache HTTP Server

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Apache HTTP Server Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Write, Server-side Request Forgery SSRF 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to HTTP request smuggling and a buffer overflow (CVE-2022-22720, CVE-2022-22721)

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to HTTP requst smuggling and a buffer overflow attack as described in the vulnerability details section. IBM i has addressed the CVEs by providing fixes to the Apache HTTP Server implementation as described in the Remediation/Fixes...

Updated apache packages fix security vulnerability

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions...

Out-of-Bounds Read

Apache HTTP Server is vulnerable to out of bounds read. The vulnerability exists due to a lack of sanitization of the aprwrite function allowing an attacker to cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function...