
5773 matches found

Tenable Nessus
added 2021/09/17 12:0 a.m. | 66 views

Slackware Linux 14.0 / 14.1 / 14.2 / current httpd Multiple Vulnerabilities (SSA:2021-259-01)

The version of httpd installed on the remote host is prior to 2.4.49. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-259-01 advisory. - A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitti...

CVSS 9.8 | AI score 7.3 | EPSS 0.99999
Exploits: 6 | References: 5
RedhatCVE
added 2021/09/16 9:58 p.m. | 77 views

CVE-2021-36160

An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 7.5 | AI score 1.5 | EPSS 0.62887
Exploits: 0 | References: 3
RedhatCVE
added 2021/09/16 9:57 p.m. | 113 views

CVE-2021-34798

A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability. Mitigation: Red Hat has investigated whether a possible mitigation exists for this issue, and has...

CVSS 7.5 | AI score 1.6 | EPSS 0.62771
Exploits: 0 | References: 4
RedhatCVE
added 2021/09/16 8:45 p.m. | 136 views

CVE-2021-40438

A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and...

CVSS 9 | AI score 1.5 | EPSS 0.99999
Exploits: 5 | References: 4
RedhatCVE
added 2021/09/16 8:45 p.m. | 129 views

CVE-2021-39275

An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function. Mitigation: Mitigation for this issue is either no...

CVSS 9.8 | AI score 2 | EPSS 0.36339
Exploits: 0 | References: 3
OSV
added 2021/09/16 3:15 p.m. | 3 views

AZL-6485 CVE-2021-36160 affecting package httpd for versions less than 2.4.52-1

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 inclusive...

CVSS 7.5 | AI score 7.2 | EPSS 0.62887
Exploits: 0 | References: 1
IBM Security Bulletins
added 2021/09/16 1:35 p.m. | 49 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in IBM Http server

Summary: IBM API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2017-7679 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Type response...

CVSS 9.8 | AI score 1 | EPSS 0.94999
Exploits: 29 | Affected Software: 1
OpenVAS
added 2021/09/15 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2381)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.7 | EPSS 0.68067
Exploits: 0 | References: 2
Tenable Nessus
added 2021/09/14 12:0 a.m. | 51 views

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2021-2381)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...

CVSS 9.8 | AI score 7.6 | EPSS 0.68067
Exploits: 0 | References: 4
Gitee
added 2021/09/13 4:53 p.m. | 3 views

vulhubdocker2

This repository is an open-source project for vulnerability research and training, specifically targeting various web applications and services. It is a collection of vulnerable environments and tools for testing and learning about common web application vulnerabilities. The repository contains a...

AI score 7
Exploits: 0
CBLMariner
added 2021/09/09 3:2 p.m. | 29 views

CVE-2021-33193 affecting package httpd 2.4.46-6

CVE-2021-33193 affecting package httpd 2.4.46-6. A patched version of the package is available...

CVSS 7.5 | AI score 9.9 | EPSS 0.46179
Exploits: 1
Tenable Nessus
added 2021/09/09 12:0 a.m. | 49 views

Photon OS 3.0: Httpd PHSA-2021-3.0-0257

An update of the httpd package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0257. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descripti...

CVSS 7.5 | AI score 7 | EPSS 0.60266
Exploits: 0 | References: 5
Tenable Nessus
added 2021/09/07 12:0 a.m. | 47 views

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2021-2333)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of...

CVSS 7.5 | AI score 7 | EPSS 0.65067
Exploits: 0 | References: 3
OpenVAS
added 2021/09/04 12:0 a.m. | 31 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2333)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.7 | EPSS 0.65067
Exploits: 0 | References: 2
Photon
added 2021/08/23 12:0 a.m. | 60 views

Important Photon OS Security Update - PHSA-2021-0427

Updates of 'curl', 'mysql' packages of Photon OS have been released...

CVSS 7.5 | AI score 6.5 | EPSS 0.0982
Exploits: 1
CNVD
added 2021/08/13 12:0 a.m. | 18 views

Null Pointer Dereference Vulnerability in Multiple D-Link Products (CNVD-2021-94840)

The D-Link DAP-2310 is a single-band wireless network access point for small businesses or schools that need a fast and reliable wireless network. The D-Link DAP-2330 is a wireless N300 single-band PoE access point. A null pointer dereference vulnerability exists in multiple D-Link products, which...

CVSS 7.5 | AI score 7.5 | EPSS 0.0216
Exploits: 1 | References: 1
RedhatCVE
added 2021/08/12 2:3 a.m. | 95 views

CVE-2021-33193

A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity. Mitigation: This flaw can be mitigated by disabling HTTP/2. More information available at:...

CVSS 7.5 | AI score 0.4 | EPSS 0.46179
Exploits: 1 | References: 4
Prion
added 2021/08/10 6:15 p.m. | 21 views

Null pointer dereference

Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-2360 2.10RC055, DAP-2553 3.10rc039 BETA, DAP-2660 1.15rc131b, DAP-2690 3.20RC115 BETA, DAP-2695 1.20RC093, DAP-3320 1.05RC027 BETA and DAP-3662 1.05rc069 in the sbin/httpd binary. The crash happens a...

CVSS 5 | AI score 7.5 | EPSS 0.0216
Exploits: 1 | References: 3 | Affected Software: 9
Prion
added 2021/08/10 6:15 p.m. | 23 views

Null pointer dereference

Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DAP-2360 2.07.RC043, DAP-2553 3.06.RC027, DAP-2660 1.13.RC074, DAP-2690 3.16.RC100, DAP-2695 1.17.RC063, DAP-3320 1.01.RC014 and DAP-3662 1.01.RC022 in the upload_certificate function of sbin/httpd...

CVSS 5 | AI score 7.5 | EPSS 0.01338
Exploits: 1 | References: 3 | Affected Software: 9
CVE
added 2021/08/10 5:32 p.m. | 54 views

CVE-2021-28840

CVE-2021-28840 targets multiple D-Link DAP access points (DAP-2310, -2330, -2360, -2553, -2660, -2690, -2695, -3320, -3662). The root cause is a NULL pointer dereference in the upload_config function of sbin/httpd: when handling a specific HTTP GET, upload_file is NULL and strncasecmp is called w...

CVSS 7.5 | AI score 7.5 | EPSS 0.02248
Exploits: 1 | References: 3 | Affected Software: 1