httpd security, bug fix, and enhancement update
2.4.53-7.0.1 - Replace index.html with Oracle's index page oracle_index.html. 2.4.53-7 - Resolves: 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling - Resolves: 2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match - Resolves: 2098248 - CVE-2022-31813 httpd:...
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
A NULL pointer dereference vulnerability exists in the mod_proxy module of Apache httpd. The vulnerability is due to improper handling of malformed Request-URIs sent to servers configured as a forward proxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted...
TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue...
PT-2022-5731 · Tp Link · Tp-Link Tl-Wr940N
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N version 3.20.1US Description: This issue allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N routers. The specific flaw exists within the httpd service, which listens on...
TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default...
CLSA-2022-1668706027 httpd: Fix of 2 CVEs
CVE-2022-28614: handle large writes in ap_rputs - CVE-2022-29404: use a liberal default limit for LimitRequestBody of 1GB...
CLSA-2022-1668705928 httpd: Fix of 2 CVEs
CVE-2022-28614: handle large writes in ap_rputs - CVE-2022-29404: use a liberal default limit for LimitRequestBody of 1GB...
CVE-2009-1890 affecting package httpd for versions less than 2.4.54-1
CVE-2009-1890 affecting package httpd for versions less than 2.4.54-1. This CVE either no longer is or was never applicable...
httpd: Out-of-bounds read via ap_rwrite()
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_rputs and ap_rwrite functions can lead to an integer overflow and result in an out-of-bounds read...
RLSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: mod_sed: Read/write beyond bounds CVE-2022-23943 httpd: mod_lua: Use of...
httpd security, bug fix, and enhancement update
An update is available for httpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...
RHEL 9 : httpd (RHSA-2022:8067)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8067 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgrad...
httpd:2.4 security update
httpd 2.4.37-51.0.1 - Set vstring per ORACLE_SUPPORT_PRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracle_index.html 2.4.37-51 - Resolves: 2097015 - CVE-2022-28614 httpd:2.4/httpd: out-of-bounds read via ap_rwrite - Resolves: 2097031 - CVE-2022-28615 httpd:2.4/httpd:...
Moderate: httpd security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: mod_sed: Read/write beyond bounds CVE-2022-23943 httpd: mod_lua: Use of...
NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Vulnerability (NS-SA-2022-0076)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by a vulnerability: - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP...
CVE-2022-29888
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
CentOS 8 : httpd:2.4 (CESA-2022:7647)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7647 advisory. - httpd: mod_lua: Use of uninitialized value of in r:parsebody CVE-2022-22719 - httpd: core: Possible buffer overflow with very large or unlimited...
RHEL 8 : httpd:2.4 (RHSA-2022:7647)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7647 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/wri...
httpd: mod_lua: Use of uninitialized value of in r:parsebody
A flaw was found in the mod_lua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability...
httpd: Out-of-bounds read in ap_strcmp_match()
An out-of-bounds read vulnerability was found in httpd. A very large input to the ap_strcmp_match function can lead to an integer overflow and result in an out-of-bounds read...