Photon OS 4.0: Httpd PHSA-2022-4.0-0142
An update of the httpd package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-4.0-0142. The text itself is copyright (C) VMware, Inc. ...
ALSA-2024:4726 Important: httpd security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475); httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474); httpd: null pointer dereference in mod_proxy...
httpd:2.4 security update
httpd 2.4.37-65.0.1.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.1 - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in mod_proxy (CVE-2024-38473) - Resolves:...
Photon OS 3.0: Httpd PHSA-2019-3.0-0013
An update of the httpd package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0013. The text itself is copyright (C) VMware, Inc. ...
EulerOS 2.0 SP8 : httpd (EulerOS-SA-2024-2035)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. (CVE-2023-38709) HTT...
Fedora 40 : httpd (2024-de08df1535)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-de08df1535 advisory. - new version 2.4.62 - Fixes CVE-2024-40725 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-2035)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-38473)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38473 advisory. - Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-39884)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39884 advisory. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-38472)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-38472 advisory. - SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF a...
CBL Mariner 2.0 Security Update: httpd (CVE-2024-36387)
The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-36387 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference,...
OESA-2024-1847 mod_http2 security update
Mod_http2 is an official Apache httpd module, first released in 2.4.17. See Apache downloads to get a released version. mod_proxy_http2 has been released in 2.4.23. Security Fixes: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a...
Slackware: Security Advisory (SSA:2024-200-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
[slackware-security] httpd
New httpd packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.62-i586-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. The first CVE is for Windows, but th...
CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1
CVE-2024-38473 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1
CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1
CVE-2024-36387 affecting package httpd for versions less than 2.4.61-1. An upgraded version of the package is available that resolves this issue...
AZL-43414 CVE-2024-40725 affecting package httpd for versions less than 2.4.62-1
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
Slackware Linux 15.0 / current httpd Multiple Vulnerabilities (SSA:2024-200-01)
The version of httpd installed on the remote host is prior to 2.4.62. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-200-01 advisory. New httpd packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the preceding...
Apache httpd -- Source code disclosure with handlers configured via AddType
The Apache httpd project reports: source code disclosure with handlers configured via AddType CVE-2024-40725 Important: A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar...