Oracle Linux 8 : httpd:2.4 (ELSA-2024-5193)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5193 advisory. - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves...

httpd: Improper escaping of output in mod_rewrite

A flaw was found in the modrewrite module of httpd. Improper escaping of output allows an attacker to map URLs to filesystem locations permitted to be served by the server but are not intentionally or directly reachable by any URL. This issue results in code execution or source code disclosure...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

httpd: Potential SSRF in mod_rewrite

A flaw was found in the modrewrite module of httpd. A potential SSRF allows an attacker to cause unsafe rules used in the RewriteRule directive to unexpectedly set up URLs to be handled by the modproxy module...

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

httpd:2.4 security update

httpd 2.4.37-65.2.0.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.2 - Resolves: RHEL-46040 - httpd:2.4/httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves: RHEL-53022 - Regression introduced by...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

httpd: Security issues via backend applications whose response headers are malicious or exploitable

A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery SSRF or local script execution...

ALSA-2024:5193 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...

AlmaLinux 8 : httpd:2.4 (ALSA-2024:5193)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:5193 advisory. httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 Tenable has extracted the preceding description...

Oracle Linux 9 : httpd (ELSA-2024-5138)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5138 advisory. - Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 Tenable has extracte...

httpd: CONTINUATION frames DoS

A vulnerability was found in how Apache httpd implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers,...

Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE

...

Important: Red Hat Security Advisory: httpd security update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

K000140620: Apache HTTPD vulnerabilities CVE-2024-38474 and CVE-2024-38475

Security Advisory Description CVE-2024-38474 Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to b...

httpd security update

2.4.57-11.0.1.el94.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-11.1 - Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves: RHEL-53021 - Regression introduced by...

RHEL 9 : httpd (RHSA-2024:5138)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5138 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backe...

AlmaLinux 9 : httpd (ALSA-2024:5138)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:5138 advisory. httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 Tenable has extracted the preceding description...

ALSA-2024:5138 Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via?backend applications whose response headers are malicious or exploitable CVE-2024-38476 For more details about the security issues, including the impact,...