5773 matches found
CVE-2022-23943
An out-of-bounds read/write vulnerability was found in the modsed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using modsed with data provided by the attacker. Mitigation Disabling modsed and restarting httpd will mitigate this flaw. See...
CVE-2022-22721
A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write. Mitigation Set the LimitXMLRequestBody option to a value smaller than 350MB. Setting it to 0 is not recommended a...
CVE-2022-22719
A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an uninitialized value in functions called by the parsebody function. The highest threat from this vulnerability is to system availability. Mitigation Disabling modlua and...
CVE-2022-22720
A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling. Mitigation There are currently no known mitigations for this issue...
Integer Overflow
apache2 is vulnerable to Integer Overflow. The vulnerability exists in httpd where it incorrectly limits the value of LimitXMLRequestBody option which can lead to an integer overflow and later causes an out-of-bounds write...
httpd: NULL pointer dereference via malformed requests
A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability...
Moderate: Red Hat Security Advisory: httpd:2.4 security update
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2022:0891 Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: NULL pointer dereference via malformed requests CVE-2021-34798 httpd: Out-of-bounds write in apescapequotes via malicious input CVE-2021-39275 For more details about the...
Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: NULL pointer dereference via malformed requests CVE-2021-34798 httpd: Out-of-bounds write in apescapequotes via malicious input CVE-2021-39275 For more details about the...
RLSA-2022:0891 Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: NULL pointer dereference via malformed requests CVE-2021-34798 httpd: Out-of-bounds write in apescapequotes via malicious input CVE-2021-39275 For more details about the...
httpd:2.4 security update
An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...
[slackware-security] httpd
New httpd packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/httpd-2.4.53-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: modsed:...
CentOS 8 : httpd:2.4 (CESA-2022:0891)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:0891 advisory. - httpd: NULL pointer dereference via malformed requests CVE-2021-34798 - httpd: Out-of-bounds write in apescapequotes via malicious input CVE-2021-392...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current httpd Multiple Vulnerabilities (SSA:2022-073-01)
The version of httpd installed on the remote host is prior to 2.4.53. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-073-01 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issu...
RHEL 8 : httpd:2.4 (RHSA-2022:0891)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0891 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: NULL pointer...
DEBIAN-CVE-2022-22721
If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...
AZL-9015 CVE-2022-22719 affecting package httpd for versions less than 2.4.53-1
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
AZL-9017 CVE-2022-22721 affecting package httpd for versions less than 2.4.53-1
If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...
Apache Httpd < 2.4.53 : core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
If LimitXMLRequestBody is set to allow request bodies larger than 350MB defaults to 1M on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier...
Apache Httpd < 2.4.53 : HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling...