Security Bulletin: Vulnerability in httpd (CVE-2018-17199 and CVE-2018-1301).

Summary The Apache HTTP Server, httpd is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1301 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error after a header size lim...

Security Bulletin: Vulnerabilities in Apache HTTP CVE-2019-10098 and CVE-2020-1927.

Summary Apache HTTP Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE's. Vulnerability Details CVEID: CVE-2019-10098 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in t...

Fedora: Security Advisory for httpd (FEDORA-2021-dce7e7738e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Apache HTTP Server Code Issue Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server version 2.4.48 and earlier, which stems from a malformed request that could...

Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes are published in security bulletins. Vulnerability Details Refer to the...

Git Remote Code Execution via git-lfs (CVE-2020-27955)

A critical vulnerability CVE-2020-27955 in Git Large File Storage Git LFS, an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker's malicious repository using a vulnerable Git...

[SECURITY] Fedora 34 Update: httpd-2.4.49-1.fc34

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Apache HTTP Server ap_escape_quotes buffer overflow vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. buffer overflow vulnerability exists in Apache HTTP Server versions 2.4.48 and earlier, which stems from the possibility that apescapequotes may write content...

Apache HTTP Server mod_proxy server-side request forgery vulnerability

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server in version 2.4.48 and earlier is vulnerable to server-side request forgery, which stems from a failure of the modproxy module to properly validate user input and can be exploited to forward requests to ...

Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-03205)

Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server versions 2.4.30 to 2.4.48 contain a denial-of-service vulnerability that stems from a network system or product that does not properly validate incoming data. An attacker could exploit this vulnerabilit...

openSUSE 15 Security Update : apache2-mod_auth_openidc (openSUSE-SU-2021:1277-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1277-1 advisory. - modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party...

Apache HTTP Server 2.4.30 < 2.4.49 DoS Vulnerability - Linux

Apache HTTP Server is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Apache HTTP Server 2.4.30 < 2.4.49 DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service DoS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Apache HTTP Server < 2.4.49 Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVE-2021-40438

A crafted request uri-path can cause modproxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVE-2021-36160

A carefully crafted request uri-path can cause modproxyuwsgi to read above the allocated memory and crash DoS. This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

CVE-2021-39275

apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...

CVE-2021-34798

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

AZL-6486 CVE-2021-39275 affecting package httpd for versions less than 2.4.52-1

apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...