Information Disclosure
httpd is vulnerable to information disclosure. The vulnerability exists as it was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafte...
Denial Of Service (DoS)
Apache APR is vulnerable to denial of service. It was found that the apr_fnmatch function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for...
Denial Of Service (DoS)
subversion is vulnerable to denial of service (DoS). The vulnerability exists as a NULL pointer dereference flaw was found in the way the mod_dav_svn module for use with the Apache HTTP Server processed certain requests. If a malicious, remote user issued a certain type of request to display a...
Information Disclosure
httpd is vulnerable to information disclosure. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a...
Denial Of Service (DoS)
Apache HTTP Server is vulnerable to denial of service. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash...
Access Restriction Bypass
The Apache HTTP Server is vulnerable to Access Restriction Bypass. A second flaw was found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a remote attacker could use this flaw to bypass intended access restrictions by creating a carefully-crafted HTTP Authorization header,...
Denial Of Service (DoS)
The Apache HTTP Server is vulnerable to Denial of Service (DoS). A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time...
Privilege Escalation
The Apache HTTP Server is vulnerable to Privilege Escalation. A flaw was found in the handling of the "Options" and "AllowOverride" directives. In configurations using the "AllowOverride" directive with certain "Options=" arguments, local users were not restricted from executing commands from a...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS). The vulnerability exists as the Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and caus...
Denial Of Service (DoS)
httpd is vulnerable to denial of service (DoS). The vulnerability exists as a bug was found in the Apache HTTP Server mod_cache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash...
Cross-site Scripting (XSS)
httpd is vulnerable to cross-site scripting (XSS). The vulnerability exists as a flaw was found in the Apache HTTP Server mod_status module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat...
Denial Of Service (DoS)
httpd is vulnerable to denial of service. A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a...
Apache 2.4.x < 2.4.42 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.42. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.42 advisory. - In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server...
[SECURITY] Fedora 31 Update: rubygem-puma-3.12.4-1.fc31
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications...
[SECURITY] Fedora 30 Update: rubygem-puma-3.12.4-1.fc30
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications...
mod_auth_mellon security update
CentOS Errata and Security Advisory CESA-2020:1003 An update for mod_auth_mellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2020:1121 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Security update for exiv2 (moderate)
openSUSE Security Update: Security update for exiv2 Announcement ID: openSUSE-SU-2020:0482-1 Rating: moderate References: 1040973 1068873 1088424 1097599 1097600 1109175 1109176 1109299 1115364 1117513 1142684 Cross-References: CVE-2017-1000126 CVE-2017-9239 CVE-2018-12264 CVE-2018-12265...
Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of...