11634 matches found
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1455)
The remote host is missing an update for the Huawei EulerOS...
Oracle Fusion Middleware Oracle HTTP Server (Apr 2020 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as referenced in the April 2020 CPU advisory: - An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Oracle HTTP Server's Web Listener component, allows a remote attacker ...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
CVE-2020-2952
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...
CVE-2020-2952
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...
DEBIAN-CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
Design/Logic Flaw
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...
CVE-2020-2952
CVE-2020-2952 affects Oracle Fusion Middleware’s Oracle HTTP Server (Web Listener) version 11.1.1.9.0. The vulnerability enables an unauthenticated, network-accessible attacker over HTTP to modify or delete data and to read data from the Oracle HTTP Server, as indicated by the CVSS 3.0 base metri...
CVE-2020-2952
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Web Listener. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful...
CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
CVE-2020-2800
CVE-2020-2800 affects Oracle Java SE/Java SE Embedded, specifically the Lightweight HTTP Server component. Affected versions include Java SE 7u251, 8u241, 11.0.6, 14 and Java SE Embedded 8u241. The vulnerability can be exploited over a network with unauthenticated access via multiple protocols, p...
CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...
Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL (CVE-2020-1927). In Apache...
MGASA-2020-0166 Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL (CVE-2020-1927). In Apache...
Unspecified Vulnerability in Oracle Enterprise Manager Base Platform (CNVD-2020-28003)
Oracle Enterprise Manager is Oracle's on-premises deployment management platform that provides a single management platform for managing all customer Oracle deployments. Enterprise Manager Base Platform is the complete installer that includes OMS, agents, repositories, and management plug-ins. A...
PT-2020-2597
Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to insufficient input validation in the Lightweight HTTP Server component of Oracle Java SE and Java SE Embedded. This can be exploit...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)
The remote host is missing an update for the...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-08092b4c97)
The remote host is missing an update for the...
Unauthorized Reverse Proxy Connection
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9...