5773 matches found

Slackware Linux
added 2021/06/07 7:7 p.m. · 105 views

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.48-i586-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. mod_http2: Fix a potenti...

CVSS 9.8 · AI score 0.5 · EPSS 0.68067
Exploits: 0

RedhatCVE
added 2021/06/07 6:12 a.m. · 235 views

CVE-2021-26690

A NULL pointer dereference was found in Apache httpd mod_session. The highest threat from this vulnerability is to system availability. Mitigation: Only configurations which use the "SessionEnv" directive which is not widely used are vulnerable to this flaw. SessionEnv is not enabled in default...

CVSS 7.5 · AI score 0.3 · EPSS 0.65067
Exploits: 0 · References: 4

RedhatCVE
added 2021/06/07 5:46 a.m. · 180 views

CVE-2020-35452

A flaw was found in Apache httpd. The mod_auth_digest has a single zero byte stack overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Mitigation: Only configurations which use mod_auth_digest are affected by this flaw. Also as...

CVSS 7.3 · AI score 1.9 · EPSS 0.53191
Exploits: 0 · References: 4

RedhatCVE
added 2021/06/04 6:12 p.m. · 111 views

CVE-2021-31618

A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this flaw to crash the httpd child process, causing temporary denial of service...

CVSS 7.5 · AI score 1 · EPSS 0.51208
Exploits: 0 · References: 4

Positive Technologies
added 2021/06/01 12:0 a.m. · 2 views

PT-2021-9681 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.46 Description: The issue allows unprivileged local users to stop the httpd service on Windows. This was discovered by Ivan Zhakov. Recommendations: For Apache HTTP Server versions 2.4.0 through...

CVSS 5.5 · AI score 5.9 · EPSS 0.11773
Exploits: 0 · References: 15

Oracle linux
added 2021/05/25 12:0 a.m. · 102 views

httpd:2.4 security, bug fix, and enhancement update

httpd 2.4.37-39.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracles index page oracleindex.html 2.4.37-39 - prevent htcacheclean from while break when first file processed 2.4.37-38 - Resolves: 1918741 - Thousands of /tmp/modproxy.tmp. files created by...

CVSS 9.8 · AI score 7.1 · EPSS 0.90485
Exploits: 4

Tenable Nessus
added 2021/05/19 12:0 a.m. · 124 views

CentOS 8 : httpd:2.4 (CESA-2021:1809)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1809 advisory. - httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) - httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) - httpd: mod_http2 concurren...

CVSS 9.8 · AI score 7.1 · EPSS 0.90485
Exploits: 4 · References: 4

Tenable Nessus
added 2021/05/19 12:0 a.m. · 93 views

RHEL 8 : httpd:2.4 (RHSA-2021:1809)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1809 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie...

CVSS 9.8 · AI score 7.2 · EPSS 0.90485
Exploits: 4 · References: 18

RedHat Linux
added 2021/05/18 2:25 p.m. · 3 views

httpd: mod_proxy_uwsgi buffer overflow

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

CVSS 9.8 · AI score 6.6 · EPSS 0.90485
Exploits: 2 · References: 5

RedHat Linux
added 2021/05/18 2:25 p.m. · 120 views

Moderate: Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 7.1 · EPSS 0.90485
Exploits: 4 · References: 13

Rockylinux
added 2021/05/18 6:8 a.m. · 64 views

httpd:2.4 security, bug fix, and enhancement update

An update is available for httpd, mod_http2, mod_md. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful,...

CVSS 9.8 · AI score 8.4 · EPSS 0.90485
Exploits: 4

OSV
added 2021/05/18 6:8 a.m. · 50 views

ALSA-2021:1809 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) httpd: mod_http2 concurrent pool usage (CVE-2020-11993) For mor...

CVSS 9.8 · AI score 7.4 · EPSS 0.90485
Exploits: 4 · References: 4

AlmaLinux
added 2021/05/18 6:8 a.m. · 85 views

Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) httpd: mod_http2 concurrent pool usage (CVE-2020-11993) For mor...

CVSS 9.8 · AI score 8.4 · EPSS 0.90485
Exploits: 4 · References: 4

OSV
added 2021/05/18 6:8 a.m. · 60 views

RLSA-2021:1809 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199) httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) httpd: mod_http2 concurrent pool usage (CVE-2020-11993) For mor...

CVSS 9.8 · AI score 7.4 · EPSS 0.90485
Exploits: 4 · References: 12

Apache Httpd
added 2021/04/14 12:0 a.m. · 56 views

Apache Httpd < 2.4.48 : Unexpected URL matching with 'MergeSlashes OFF'

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

CVSS 5.3 · AI score 7.5 · EPSS 0.51765
Exploits: 0 · Affected Software: 1

OSV
added 2021/04/12 7:15 p.m. · 1 views

CVE-2021-29302

TP-Link TL-WR802NUS, ArcherC50v5US v4200 = 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution...

CVSS 8.1 · AI score 6.3 · EPSS 0.05914
Exploits: 1 · References: 3

NVD
added 2021/04/12 7:15 p.m. · 9 views

CVE-2021-29302

TP-Link TL-WR802NUS, ArcherC50v5US v4200 = 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution...

CVSS 9.3 · EPSS 0.05914
Exploits: 1 · References: 3

Cvelist
added 2021/04/12 5:47 p.m. · 13 views

CVE-2021-29302

TP-Link TL-WR802NUS, ArcherC50v5US v4200 = 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution...

AI score 8.8 · EPSS 0.05914
Exploits: 1 · References: 3

NVD
added 2021/04/12 3:15 p.m. · 24 views

CVE-2019-17656

A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is...

CVSS 6.5 · EPSS 0.01566
Exploits: 0 · References: 2

Prion
added 2021/04/12 3:15 p.m. · 17 views

Stack overflow

A Stack-based Buffer Overflow vulnerability in the HTTPD daemon of FortiOS 6.0.10 and below, 6.2.2 and below and FortiProxy 1.0.x, 1.1.x, 1.2.9 and below, 2.0.0 and below may allow an authenticated remote attacker to crash the service by sending a malformed PUT request to the server. Fortinet is...

CVSS 4 · AI score 6.7 · EPSS 0.01566
Exploits: 0 · References: 2 · Affected Software: 2