EulerOS 2.0 SP5 : libproxy (EulerOS-SA-2020-2550)
According to the version of the libproxy packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed o...
Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2019-2343)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
IBM HTTP Server 8.5.0.0 <= 8.5.5.5 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (257477)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM...
IBM HTTP Server 8.5.0.0 <= 8.5.0.2 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.27 / 6.1.0.0 <= 6.1.0.45 (491407)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement duri...
Virtuozzo 7 : mod_auth_mellon / mod_auth_mellon-diagnostics (VZLSA-2019-0766)
An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.9 / 7.0.0.0 <= 7.0.0.33 / 6.1.0.0. <= 6.1.0.47 / 6.0.2.0 <= 6.0.2.43 Multiple Vulnerabilities (509275)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, as follows: - Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain...
IBM HTTP Server 8.5.0.0 <= 8.5.5.6 / 8.0.0.0 <= 8.0.0.11 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 (535175)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service heap-based...
IBM HTTP Server 8.5.0.0 <= 8.5.5.2 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (509677)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cau...
MiniWeb HTTP Server 0.8.19 Buffer Overflow
Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow PoC Date: 13.12.2020 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://sourceforge.net/projects/miniweb/ Software Link:...
IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.13 / 9.0.0.0 < 9.0.0.6 Sweet32:Birthday Attack (553351)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote...
IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (491411)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute...
IBM HTTP Server 8.5.0.0 <= 8.5.5.8 / 8.0.0.0 <= 8.0.0.12 Multiple Vulnerabilities (538705)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities, as follows: - Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than...
IBM HTTP Server 8.5.0.0 <= 8.5.5.1 / 8.0.0.0 <= 8.0.0.8 / 7.0.0.0 <= 7.0.0.31 / 6.1.0.0 <= 6.1.0.47 (238371)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM Security Directory Server (ISDS) and Tivoli Directory Server (TDS), allows remote attackers to cause a denial of service application crash o...
IBM HTTP Server 8.5.0.0 <= 8.5.5.5 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.37 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (528295)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vecto...
IBM HTTP Server 9.0.0.0 < 9.0.0.11 Security Bypass (869064)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability related to Apache HTTP Server. In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for...
IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.7 Information Disclosure (304539)
The version of IBM HTTP Server running on the remote host is affected by an information disclosure vulnerability. When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime (APR) 1.6.2 and prior, out of bounds memory may be accessed in...
IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.13 / 9.0.0.0 < 9.0.0.6 Multiple Vulnerabilities (298437)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache, as follows: - Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certai...
IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.18 / 9.0.0.0 < 9.0.5.4 Multiple Vulnerabilities (6191631)
The version of IBM HTTP Server running on the remote host is affected by multiple vulnerabilities related to Apache HTTP Server, as follows: - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines...
IBM HTTP Server 9.0.0.0 < 9.0.0.3 Spoofing (6324789)
The version of IBM HTTP Server running on the remote host is affected by a spoofing vulnerability due to a flaw when using proxying with mod_remoteip and certain mod_rewrite rules. An unauthenticated, remote attacker can exploit this in order to spoof IP addresses for logging and PHP scripts. Note...
Security Bulletin: April 2020 Critical Patch Update for Java
Summary The April 2020 update to Java contains fixes for a number of potential vulnerabilities. Refer to the Details section for additional information. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could...