11644 matches found
CVE-2019-10098
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...
Cisco IOS XE Software HTTP Server Denial of Service Vulnerability
A vulnerability in the HTTP server code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the HTTP server to crash. The vulnerability is due to a logical error in the logging mechanism. An attacker could exploit this vulnerability by generating a high amount of...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details: Please consult the following...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager (CVE-2019-0211, CVE-2019-0220)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Tivoli Security Federated Identity Manager (TFIM). Information about multiple security vulnerabilities in IBM HTTP Server used by WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager have been...
Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server bundled with IBM Cloud Pak System (CVE-2019-0211 CVE-2019-0220)
Summary: IBM HTTP Server is used by WebSphere Application Server bundled with IBM Cloud Pak System formerly known as PureApplication System. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin. Vulnerability Details: Consult the following...
CentOS Update for httpd CESA-2019:2343 centos7
The remote host is missing an update for the...
CentOS 7 : httpd (CESA-2019:2343)
An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2019:2343. An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
Summary: There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. Vulnerability Details: CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted...
Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server regression (USN-4113-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4113-2 advisory. USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager...
Ubuntu: Security Advisory (USN-4113-2)
The remote host is missing an update for the...
USN-4113-2: Apache HTTP Server regression
USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered...
USN-4113-2 apache2 regression
USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered...
CVE-2019-5054
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...
Null pointer dereference
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...
CVE-2019-5054
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 WNR2000v5 with Firmware Version V1.0.0.70 HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...
CVE-2019-5054
The CVE is confirmed in NETGEAR N300 WNR2000v5 with firmware 1.0.0.70: an unauthenticated HTTP request containing an empty User-Agent to a page requiring authentication can trigger a null pointer dereference, crashing the HTTP server (DoS). TALOS-2019-0831 documents the flaw and notes firmware 1....
Information Disclosure
Supervisor is vulnerable to unauthorized restart and information disclosure. It is possible because the inet HTTP server, which is not enabled by default, does not use authentication by default, allowing an unauthenticated user to access log files or restart a service if the inet HTTP server is...
NETGEAR N300 Denial of Service Vulnerability
The NETGEAR N300 is a wireless router from NETGEAR. A security vulnerability exists in the session handling function in the HTTP server of the NETGEAR N300 WNR2000v5 using firmware version 1.0.0.70. An attacker can exploit the vulnerability to cause the HTTP service to crash with the help of an...
PYSEC-2019-126
DISPUTED: In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. T...