CVE-2020-35785

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365...

NETGEAR DGN2200v1 HTTPd Authentication Vulnerability

The NETGEAR DGN2200v1 is an N300 wireless ADSL2+ modem router. An HTTPd authentication vulnerability exists in versions prior to NETGEAR DGN2200v1 v1.0.0.60. No detailed vulnerability details are provided at this time...

CVE-2020-35785

NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365...

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

Design/Logic Flaw

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

CVE-2020-27715

On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high 100% CPU utilization by the httpd daemon...

Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2019-2343)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2020-0066)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is...

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Multiple Vulnerabilities (NS-SA-2020-0110)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by multiple vulnerabilities: - A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is...

httpd: mod_http2 concurrent pool usage

A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...

Amazon Linux 2 : httpd (ALAS-2020-1490)

The version of httpd installed on the remote host is prior to 2.4.46-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1490 advisory. Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE A flaw was found in Apache httpd in...

CVE-2020-28005

httpd on TP-Link TL-WPA4220 devices hardware versions 2 through 4 allows remote authenticated users to trigger a buffer overflow causing a denial of service by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220EUV4201023...

Design/Logic Flaw

httpd on TP-Link TL-WPA4220 devices versions 2 through 4 allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220EUV4201023...

CVE-2020-24297

CVE-2020-24297 affects TP-Link TL-WPA4220 devices (versions 2–4). The httpd component exposes /admin/powerline to remote authenticated users, allowing execution of arbitrary OS commands via crafted POST requests. The fixed release is TL-WPA4220(EU)_V4_201023. Connected sources (Red Hat, CNVD, NVD...

CVE-2020-28005

httpd on TP-Link TL-WPA4220 devices hardware versions 2 through 4 allows remote authenticated users to trigger a buffer overflow causing a denial of service by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220EUV4201023...

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

Summary Redhat provided HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-15715 DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by the FilesMatch...

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

Summary Redhat provided HTTPD is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-1303 DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory read error in...

Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4751 advisory. - Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: modproxyftp use of uninitialized value - Resolves: 1823259 - CVE-2020-1927 httpd:2.4/httpd:...

Apache Httpd < 2.4.48 : mod_auth_digest possible stack overflow by one nul byte

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...