5771 matches found
PT-2024-30084 · Linksys · Linksys E1500
Name of the Vulnerable Software and Affected Versions: Linksys E1500 version 1.0.06.001. Description: A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary. As a result, an authenticated attacker can execute OS commands with root privileges. This could...
CVE-2024-42815
TP-Link RE365 V1_180213 is affected by CVE-2024-42815 due to a buffer overflow in /usr/bin/httpd arising from insufficient length verification of the USER_AGENT field. This can allow remote attackers to crash the device or execute arbitrary commands. The vulnerability is widely reported across mu...
EulerOS Virtualization 2.10.1 : httpd (EulerOS-SA-2024-2139)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...
[SECURITY] Fedora 39 Update: httpd-2.4.62-2.fc39
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Amazon Linux 2 : httpd (ALAS-2024-2606)
The version of httpd installed on the remote host is prior to 2.4.62-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2606 advisory. A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based...
Fedora 39 : httpd (2024-e83af0855e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e83af0855e advisory: fix regression introduced by CVE-2024-38474 fix; new version 2.4.62; fixes CVE-2024-40725. Tenable has extracted the preceding description...
Fedora: Security Advisory (FEDORA-2024-e83af0855e)
The remote host is missing an update for the...
CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2024-27316)
The version of httpd / mod_http2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27316 advisory. - HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to genera...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-24795)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24795 advisory. - HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject maliciou...
CBL Mariner 2.0 Security Update: httpd (CVE-2023-38709)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38709 advisory. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to...
CVE-2024-42634
CVE-2024-42634 affects the Tenda AC9 router running v15.03.06.42. The vulnerability lies in the httpd binary’s function formWriteFacMac, enabling a command injection that allows an attacker to execute OS commands with root privileges. Impact is stated as full compromise of the device with root a...
F5 Networks BIG-IP : Apache HTTPD vulnerabilities (K000140620)
The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / 17.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K000140620 advisory. CVE-2024-38474: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier...
Important: httpd
Issue Overview: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosu...
CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1
CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1
CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1
CVE-2024-27316 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1
CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-38709 affecting package httpd for versions less than 2.4.61-1
CVE-2023-38709 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24795 affecting package httpd for versions less than 2.4.61-1
CVE-2024-24795 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...