Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0409

An update of 'NetworkManager', 'httpd' packages of Photon OS has been released...

Photon OS 2.0: Httpd PHSA-2021-2.0-0365

An update of the httpd package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0365. The text itself is copyright C VMware, Inc...

Critical Photon OS Security Update - PHSA-2021-0409

Updates of 'linux-esx', 'httpd', 'linux', 'NetworkManager' packages of Photon OS have been released...

Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise

The continuous improvement of security solutions has forced attackers to explore alternative ways to compromise systems. The rising number of firmware attacks and ransomware attacks via VPN devices and other internet-facing systems are examples of attacks initiated outside and below the operating...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0365

An update of 'httpd' packages of Photon OS has been released...

FreeBSD : Apache httpd -- Multiple vulnerabilities (cce76eca-ca16-11eb-9b84-d4c9ef517024)

The Apache httpd reports : - moderate: modproxywstunnel tunneling of non Upgraded connections CVE-2019-17567 - moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 - low: modproxyhttp NULL pointer dereference CVE-2020-13950 - low: modauthdigest possible stack overflow by one nul...

VulnCheck KEV: CVE-2009-4490

minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

Important: httpd

Issue Overview: A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service. CVE-2021-31618 Affected Packages: httpd Note: This advisory is applicable t...

Important Photon OS Security Update - PHSA-2021-0257

Updates of 'httpd', 'libgcrypt' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2021-3.0-0257

Updates of 'libgcrypt', 'httpd' packages of Photon OS have been released...

[SECURITY] Fedora 34 Update: mod_http2-1.15.19-1.fc34

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

[SECURITY] Fedora 33 Update: mod_http2-1.15.19-1.fc33

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

Important: httpd

Issue Overview: A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows CVE-2020-13938 A flaw was found In Apache httpd. The modproxy has a NULL...

AZL-6474 CVE-2020-13950 affecting package httpd for versions less than 2.4.46-10

Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

AZL-6477 CVE-2021-26691 affecting package httpd for versions less than 2.4.46-10

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...

Apache httpd -- Multiple vulnerabilities

The Apache httpd reports: moderate: modproxywstunnel tunneling of non Upgraded connections CVE-2019-17567 moderate: Improper Handling of Insufficient Privileges CVE-2020-13938 low: modproxyhttp NULL pointer dereference CVE-2020-13950 low: modauthdigest possible stack overflow by one nul byte...

CVE-2021-30641

A flaw was found in Apache httpd. A possible regression from an earlier security fix broke behavior of MergeSlashes. The highest threat from this vulnerability is to data integrity. Mitigation This issue can be mitigated by setting the "MergeSlashes" directive to OFF...

CVE-2019-17567

A flaw was found in Apache httpd. The modproxywstunnel module tunnels non-upgraded connections. Mitigation Only configurations which use modproxywstunnel are affected by this flaw. It is also safe to comment-out the "LoadModule proxywstunnelmodule ... " line in...

CVE-2021-26691

A heap overflow flaw was found In Apache httpd modsession. The highest threat from this vulnerability is to system availability. Mitigation Only configurations which use the "SessionEnv" directive which is not widely used are vulnerable to this flaw. SessionEnv is not enabled in default...

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2021-158-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2021-158-01. The text itself is copyrig...