OESA-2021-1253 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service (CVE-2021-26690)...
Advisory ROSA-SA-2021-1922
Software: mod_auth_openidc 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2017-6062 CVE-Crit: HIGH CVE-DESC: The "OpenID Connect Verification Party and OAuth 2.0 Resource Server" module also known as mod_auth_openidc before version 2.1.5 for Apache HTTP Server does not pass the OIDC_CLAIM_ and OIDCAuthNHeader header...
Advisory ROSA-SA-2021-1885
Software: libproxy 0.4.11 OS: Cobalt 7.9 CVE-ID: CVE-2020-25219 CVE-Crit: HIGH CVE-DESC: url::recvline in url.cpp in libproxy 0.4.x to 0.4.15 allows a remote HTTP server to run uncontrolled recursion through a response consisting of an infinite stream with no newline character. This results in...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-26690, CVE-2021-26691)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2.0.x Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins list...
EulerOS Virtualization for ARM 64 3.0.2.0 : libproxy (EulerOS-SA-2021-2073)
According to the version of the libproxy package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion...
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2021-2073)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2 : httpd (ALAS-2021-1674)
The version of httpd installed on the remote host is prior to 2.4.48-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1674 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567) A flaw was...
Amazon Linux 2 : mod_http2 (ALAS-2021-1678)
The version of mod_http2 installed on the remote host is prior to 1.15.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1678 advisory. A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use thi...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server shipped by IBM WebSphere Application Server Patterns
Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2021-26691 DESCRIPTION: Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2020-13938, CVE-2021-30641)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-13938, CVE-2021-30641)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 4.2.0.x,4.1.1.x and 3.9. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...
SUSE SLED15: apache2 / apache2-devel / apache2-doc / apache2-event / etc (SUSE-SU-2021:2127-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2127-1 advisory. - fixed CVE-2021-30641 (bsc#1187174): MergeSlashes regression - fixed CVE-2021-31618 (bsc#1186924): NULL pointer dereference on specially...
openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests...
Security Bulletin: A security vulnerability has been identified that Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. By providing required fixes for vulnerability affecting WebSphere Application Server has been published in the security bulletin. Vulnerability Details Refer to the security bulletins listed in...
Amazon Linux 2 : httpd (ALAS-2021-1659)
The version of httpd installed on the remote host is prior to 2.4.48-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1659 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. (CVE-2019-17567) Apache HTTP...
Amazon Linux 2 : httpd (ALAS-2021-1672)
The version of httpd installed on the remote host is prior to 2.4.46-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1672 advisory. A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this fl...
SonicWall SonicOS Buffer Overflow (SNWLID-2021-0006)
According to its self-reported version, the remote SonicWall firewall is running a version of SonicOS that is affected by a buffer overflow vulnerability. A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted unauthenticated HTTP request. This can...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Case Manager (CVE-2020-13938, CVE-2021-30641)
Summary IBM HTTP Server used by WebSphere Application Server is shipped as a component of IBM Case Manager. Information about multiple security vulnerabilities affecting IBM HTTP Server CVE-2020-13938, CVE-2021-30641 has been published in a security bulletin. Vulnerability Details Refer to the...
CVE-2021-20019
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request. This can potentially lead to an internal sensitive data disclosure vulnerability...