
11634 matches found

Cvelist
added 2020/08/07 3:24 p.m. · 67 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

AI score: 8.6 · EPSS: 0.89744
Exploits: 0 · References: 29

Debian CVE
added 2020/08/07 3:24 p.m. · 41 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

CVSS: 7.5 · AI score: 7.8 · EPSS: 0.89744
Exploits: 0

CVE
added 2020/08/07 3:24 p.m. · 3194 views

CVE-2020-9490

CVE-2020-9490 affects Apache HTTP Server versions 2.4.20–2.4.43. A specially crafted value for the Cache-Digest header in an HTTP/2 request could cause a crash when the server subsequently attempts to HTTP/2 PUSH a resource. Mitigation for unpatched servers is to disable HTTP/2 PUSH via H2Push of...

CVSS: 7.5 · AI score: 8.3 · EPSS: 0.89744
In wild · Exploits: 0 · References: 29 · Affected Software: 1

ATTACKERKB
added 2020/08/07 12:0 a.m. · 411 views

CVE-2020-11984 — Multiple Vulnerabilities in Apache Web Server Could Allow for Remote Code Execution

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Recent assessments: dabdine-r7 at August 26, 2020 8:06pm UTC reported: The details for this vulnerability were scant from Apache, but this is actually an integer overflow in the mod_proxy_uwsgi Apache module...

CVSS: 9.8 · AI score: 1.5 · EPSS: 0.90039
Exploits: 4 · References: 37

Positive Technologies
added 2020/08/07 12:0 a.m. · 10 views

PT-2020-5444 · Apache +6 · Apache Http Server +6

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.20 through 2.4.43 Description: The issue is related to the implementation of the HTTP/2 mechanism in the Apache HTTP Server, which is associated with inconsistent interpretation of HTTP requests. This can allow...

CVSS: 9.8 · AI score: 6.2 · EPSS: 0.90039
Exploits: 4 · References: 130

Positive Technologies
added 2020/08/07 12:0 a.m. · 8 views

PT-2020-5483 · Apache +8 · Apache Http Server +8

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.20 through 2.4.43 Description: The issue is related to the implementation of the HTTP/2 mechanism in the Apache HTTP Server, which can lead to inconsistent interpretation of HTTP requests. This can cause loggin...

CVSS: 9.8 · AI score: 6.5 · EPSS: 0.90039
Exploits: 4 · References: 151

Positive Technologies
added 2020/08/07 12:0 a.m. · 7 views

PT-2020-4627

Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 2.4.32 through 2.4.44 Description: The issue is related to a buffer copy without checking the size of the input data in the mod_proxy_uwsgi module of the Apache HTTP Server. This can allow a remote attacker to gain...

CVSS: 10 · AI score: 8.7 · EPSS: 0.90039
Exploits: 4 · References: 107

ATTACKERKB
added 2020/08/07 12:0 a.m. · 751 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via “H2Push off” will mitigate this vulnerability f...

CVSS: 9.8 · AI score: 7.8 · EPSS: 0.90039
In wild · Exploits: 4 · References: 34

Kaspersky
added 2020/08/07 12:0 a.m. · 51 views

KLA12368 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in “Cache-Digest” header c...

CVSS: 9.8 · AI score: 8.7 · EPSS: 0.90039
Exploits: 4 · References: 4

IBM Security Bulletins
added 2020/08/06 2:23 p.m. · 35 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details CVEID: CVE-2020-2805...

CVSS: 8.3 · AI score: 0.7 · EPSS: 0.0623
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2020/08/06 12:0 a.m. · 53 views

Amazon Linux 2 : python, python3 (ALAS-2020-1471)

The version of python installed on the remote host is prior to 2.7.18-1. The version of python3 installed on the remote host is prior to 3.7.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1471 advisory. 2023-10-25: CVE-2022-48560 was added to this...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.06617
Exploits: 2 · References: 6

Amazon
added 2020/08/05 12:0 a.m. · 88 views

Medium: python, python3

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

CVSS: 7.5 · AI score: 8 · EPSS: 0.06617
Exploits: 2

RedHat Linux
added 2020/08/04 11:18 a.m. · 104 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 10 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5 · AI score: 7 · EPSS: 0.87553
Exploits: 1 · References: 3

IBM Security Bulletins
added 2020/08/04 5:26 a.m. · 44 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2800 DESCRIPTION: An unspecified...

CVSS: 5.8 · AI score: 1.7 · EPSS: 0.04211
Exploits: 0 · Affected Software: 1

GithubExploit
added 2020/08/03 2:12 p.m. · 162 views

Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control

CVE-2019-3980 This repo was created to utilize the Nessus POC...

CVSS: 10 · AI score: 9.5 · EPSS: 0.0518
Exploits: 4

OpenVAS
added 2020/07/30 12:0 a.m. · 22 views

Debian: Security Advisory (DLA-2298-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.01846
Exploits: 0 · References: 4

Tenable Nessus
added 2020/07/30 12:0 a.m. · 34 views

Debian DLA-2298-1 : libapache2-mod-auth-openidc security update

Several issues have been found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. CVE-2019-14857 Insufficient validation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID...

CVSS: 6.1 · AI score: 6.6 · EPSS: 0.01846
Exploits: 0 · References: 6

Debian
added 2020/07/29 9:53 p.m. · 50 views

[SECURITY] [DLA 2298-1] libapache2-mod-auth-openidc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2298-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz July 29, 2020 https://wiki.debian.org/LTS -...

CVSS: 6.1 · AI score: 7.1 · EPSS: 0.01846
Exploits: 0

Amazon
added 2020/07/29 12:0 a.m. · 109 views

Medium: python26

Issue Overview: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic...

CVSS: 7.1 · AI score: 8 · EPSS: 0.06617
Exploits: 1

IBM Security Bulletins
added 2020/07/28 1:36 p.m. · 56 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2020-1927, CVE-2020-1934)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Configuration Manager version 6.4.1; IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about security vulnerabilities affecting IBM HTTP Server,...

AI score: 1 · EPSS: 0.56691
Exploits: 0 · Affected Software: 1