[SECURITY] Fedora 30 Update: httpd-2.4.41-1.fc30

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora 30 : 1:mod_md / httpd (2019-099575a123)

This update includes the latest release of the Apache HTTP Server, version 2.4.41, fixing various security issues. Several major enhancements are also included in this update : - modmd is now packaged from upstream github releases, adding support for ACMEv2. - modcgid stderr handling has been...

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

It is an offensive tool for Java. This PoC exploit targets CVE-2...

Moderate: Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update

An update for rh-php71-php is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2019-10081

HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client...

CVE-2019-10081

HTTP/2 2.4.20 through 2.4.39 very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client...

CVE-2019-10082

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown...

CVE-2019-10097

In Apache HTTP Server 2.4.32-2.4.39, when modremoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted pro...

CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

KLA12366 Multiple vulnerabilities in Apache HTTP Server

Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting attack, spoof user interface. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in modhttp2 can be...

UBUNTU-CVE-2019-10098

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...

Amazon Linux 2 : mod_http2 (ALAS-2019-1264)

A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 C Tenable Network Security, Inc...

Oracle Linux 8 : mod_auth_mellon (ELSA-2019-0985)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-0985 advisory. 0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 modauthmellon: authentication bypass in ECP flow rhel-8.0.0.z Tenable has extracted the preceding description...

RHEL 7 : httpd (RHSA-2019:2343)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2343 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modauthdigest:...

Oracle Linux 7 : httpd (ELSA-2019-1898)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1898 advisory. 2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce...

CentOS 7 : httpd (CESA-2019:1898)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

RHEL 7 : mercurial (RHSA-2019:2276)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2276 advisory. Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Securi...

Fedora Update for php FEDORA-2019-f07db8f031

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: php-7.2.21-1.fc29

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...