11634 matches found
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager (CVE-2020-1927, CVE-2020-1934)
Summary IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager version 3.9 & 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about security vulnerabilities affecting IBM HTTP Server, a component of IBM...
Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2020-1927, CVE-2020-1934)
Summary There are multiple vulnerabilities in Apache HTTP Server affecting IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite...
Apache Httpd < 2.4.44 : mod_proxy_uwsgi buffer overflow
In Apache HTTP Server versions 2.4.32 to 2.4.43, mod_proxy_uwsgi has an information disclosure and possible RCE...
Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security and bug fix update
An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: mod_auth_openidc:2.3 security and bug fix update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes...
mod_auth_openidc:2.3 security and bug fix update
An update is available for cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP...
RLSA-2020:3032 Moderate: mod_auth_openidc:2.3 security and bug fix update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes...
ALSA-2020:3032 Moderate: mod_auth_openidc:2.3 security and bug fix update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes...
Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim...
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2020:3032)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3032 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an Open...
Oracle Enterprise Manager Ops Center (Jul 2020 CPU)
The 12.4.0.0 versions of Enterprise Manager Ops Center installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Enterprise Manager Ops Center product of Oracle Enterprise Manager component: Networking Apache HTTP...
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities
Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM TNPM for Wireline
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- TNPM|...
SAP Netweaver Application Server (AS) HTTP Server Detection
Binary data sapnetweaveraswebdetect.nbin...
Siemens LOGO! Web Server Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web Server functionality of Siemens LOGO! 1.82.02, 12/24RCE Version 0BA and 230RCE Version 0BA. A specially crafted HTTP request can cause memory corruption resulting in a code execution. An attacker can send an unauthenticated...
Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability
Microsoft Windows MSHTA.EXE .HTA File XML Injection Vulnerability Vendor www.microsoft.com Product Windows MSHTA.EXE .HTA File An HTML Application HTA is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explore...
CVE-2020-2216
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
Default credentials
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...
EulerOS Virtualization 3.0.6.0 : httpd (EulerOS-SA-2020-1749)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP...