Debian: Security Advisory (DSA-2035-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-25690

A vulnerability was found in httpd. This security issue occurs when some modproxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern...

AZL-25605 CVE-2023-25690 affecting package httpd for versions less than 2.4.56-1

Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1408)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1423)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2023-1678136793 httpd: Fix of CVE-2006-20001

CVE-2006-20001: moddav: out-of-bounds read/write...

httpd: Fix of CVE-2006-20001

CVE-2006-20001: moddav: out-of-bounds read/write...

CLSA-2023-1678136294 httpd: Fix of 2 CVEs

CVE-2022-37436: modproxy: HTTP response splitting - CVE-2006-20001: moddav: out-of-bounds read/write...

CLSA-2023-1678135884 httpd: Fix of 2 CVEs

CVE-2022-37436: modproxy: HTTP response splitting - CVE-2006-20001: moddav: out-of-bounds read/write...

Moderate: Red Hat Security Advisory: httpd security and bug fix update

An update for httpd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

httpd: mod_proxy_ajp: Possible request smuggling

A flaw was found in the modproxyajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests...

httpd: mod_dav: out-of-bounds read/write of zero byte

A flaw was found in the moddav module of httpd. A specially crafted "If:" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service...

Moderate: httpd security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: moddav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: modproxyajp: Possible request smuggling CVE-2022-36760 httpd: modproxy: HTTP response splitting...

PT-2023-7980

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N versions affected versions not specified Description The TP-Link TL-WR841N router is affected by an improper authentication issue within the dropbearpwd component. This allows network-adjacent attackers to disclose sensitive...

CVE-2023-25824

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

Design/Logic Flaw

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

UBUNTU-CVE-2023-25824

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVE-2023-25824 mod_gnutls contains Infinite Loop on request read timeout

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 including did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This coul...

CVE-2023-25824

CVE-2023-25824 affects the Mod_gnutls TLS module for Apache HTTPD (GnuTLS-based). Versions 0.9.0 through 0.12.0 do not properly fail blocking read operations on TLS connections when the transport times out, instead entering an endless loop that can consume CPU resources and, if trace logging is e...

CVE-2023-25824

Removed by vendor...