AlmaLinux 8 : httpd:2.4 (ALSA-2025:15123)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:15123 advisory. httpd: insufficient escaping of user-supplied data in modssl CVE-2024-47252 httpd: modssl: access control bypass by trusted clients is possible using TLS...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2025:14983 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: modproxyhttp2: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module CVE-2025-49630 For more details about the security...

mod_http2 security update

2.0.26-4.1 - Resolves: RHEL-99956 - CVE-2025-49630 httpd: untrusted input from a client causes an assertion to fail in the Apache modproxyhttp2 module...

Linux Distros Unpatched Vulnerability : CVE-2025-5115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example ...

SUSE SLES15 / openSUSE 15 Security Update : tomcat (SUSE-SU-2025:03024-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03024-1 advisory. Updated to 9.0.108: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service (CVE-2025-36047)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details Refer to the security...

SUSE: Security Advisory (SUSE-SU-2025:02993-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2025-1756324356 Fix CVE(s): CVE-2025-49630

SECURITY UPDATE: denial of service attack caused by untrusted clients triggering assertion in modproxyhttp2 - debian/patches/CVE-2025-49630.patch: tolerate missing host header in h2 proxy to fix issue with HTTP/0.9 request without Host header - CVE-2025-49630...

Linux Distros Unpatched Vulnerability : CVE-2021-32566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 ...

Linux Distros Unpatched Vulnerability : CVE-2022-31779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache...

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the modproxyhttp2 module, which likely results in an Apache HTTP server crash or denial of service DoS...

SUSE SLES15 / openSUSE 15 Security Update : tomcat11 (SUSE-SU-2025:02979-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02979-1 advisory. Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations o...

SUSE-SU-2025:02978-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.43i: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload bsc1246388 - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability bsc124631...

Linux Distros Unpatched Vulnerability : CVE-2015-5206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a differe...

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +914 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.24)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.223 and more Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047664...

io.airlift:discovery (=324), io.airlift:http-client (=324) +13 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.1.0.alpha0 <=12.1.0.beta2)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: OSV:GHSA-MMXM-8W33-WC4H...

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +914 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.24)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.223 and more Source cves: CVE-2025-5115 Source advisory: OSV:GHSA-MMXM-8W33-WC4H...

io.airlift:discovery (=324), io.airlift:http-client (=324) +13 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-common (>=12.1.0.alpha0 <=12.1.0.beta2)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047664...

io.airlift:http-server (=324), io.airlift:jmx-http (=324) +5 more potentially affected by CVE-2025-5115 via org.eclipse.jetty.http2:jetty-http2-server (>=12.1.0.alpha0 <=12.1.0.beta2)

org.eclipse.jetty.http2:jetty-http2-server MAVEN version =12.1.0.alpha0, =12.1.0.alpha2, =12.1.0.alpha0, =12.1.0.alpha0, =12.1.0.beta2 Source cves: CVE-2025-5115 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-12047652...