RLSA-2022:1049 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2022-22720 For more details about the security issues, including the impact, a CV...

Oracle Linux 7 : httpd (ELSA-2022-1045)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1045 advisory. - modsession: save one aprstrtok Orabug: 33338149CVE-2021-26690 Tenable has extracted the preceding description block directly from the Oracle Linux security...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server (CVE-2022-22719, CVE-2022-22720, CVE-2022-22721)

Summary There are multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a...

[SECURITY] Fedora 35 Update: httpd-2.4.53-1.fc35

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Debian DLA-2960-1 : apache2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2960 advisory. Several vulnerabilities have been discovered in the Apache HTTP server, which could result in denial of service, request smuggling or buffer overflows. For Debian ...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-5333-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5333-2 advisory. USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

USN-5333-2: Apache HTTP Server vulnerabilities

USN-5333-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote...

USN-5333-1 apache2 vulnerabilities

Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2022-22719 James Kettle discovered that the Apache HTTP Serv...

Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-5333-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5333-1 advisory. Chamal De Silva discovered that the Apache HTTP Server modlua module incorrectly handled certain crafted request bodies. A remote attacker...

ROS-20220317-01

Apache HTTP Server web server vulnerability is related to a bounds error in LimitXMLRequestBody. Exploitation vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system Apache HTTP Server web server vulnerability is related to...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-44790, CVE-2021-44224)

Summary IBM HTTP Server IHS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2022-41640)

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API.A buffer overflow vulnerability exists in Apache HTTP Server, which stems from a networked system or product that does not properly validate data boundaries wh...

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2022-41638)

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server 2.4.52 and earlier versions are vulnerable to an input validation error that results from setting LimitXMLRequestBody to allow request bodies larger than 350MB 1M by default on 32-bit systems, which cou...

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-41639)

Apache HTTP Server is an open source web server from the Apache Foundation. A denial-of-service vulnerability exists in Apache HTTP Server 2.4.52 and earlier versions, which stems from a well-designed request body that reads random memory regions and can be exploited by attackers to crash process...

FreeBSD : Apache httpd -- Multiple vulnerabilities (6601c08d-a46c-11ec-8be6-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6601c08d-a46c-11ec-8be6-d4c9ef517024 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause...

Oracle Linux 8 : httpd:2.4 (ELSA-2022-0891)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0891 advisory. - Resolves: 2059256 - CVE-2021-34798 httpd:2.4/httpd: NULL pointer dereference via malformed requests Tenable has extracted the preceding description...

HTTP Request Smuggling

Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

httpd:2.4 security update

An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: NULL pointer dereference via malformed requests CVE-2021-34798 httpd: Out-of-bounds write in apescapequotes via malicious input CVE-2021-39275 For more details about the...