5773 matches found

IBM Security Bulletins
added 2020/11/10 11:35 a.m. · 51 views

Security Bulletin: Vulnerability in httpd affects IBM Integrated Analytics System

Summary: Red Hat provided httpd is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2017-15710. DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds memory write error. By...

CVSS 7.5 · AI score 1.8 · EPSS 0.18197
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2020/11/10 10:30 a.m. · 40 views

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

Summary: Red Hat provided HTTPD package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-1283. DESCRIPTION: Apache HTTPD could allow a remote attacker to bypass security restrictions, caused by an erro...

CVSS 5.3 · AI score 1.8 · EPSS 0.10118
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2020/11/10 10:21 a.m. · 30 views

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

Summary: Red Hat provided HTTPD package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2018-1301. DESCRIPTION: Apache HTTPD is vulnerable to a denial of service, caused by an out-of-bounds access error...

CVSS 5.9 · AI score 1.4 · EPSS 0.15564
Exploits: 0 · Affected Software: 1
Oracle linux
added 2020/11/10 12:0 a.m. · 132 views

httpd:2.4 security, bug fix, and enhancement update

httpd
2.4.37-13.0.1
- Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262
- Replace index.html with Oracle's index page oracleindex.html
2.4.37-30
- Resolves: 1209162 - support logging to journald from CustomLog
2.4.37-29
- Resolves: 1823263 CVE-2020-1934 - CVE-2020-1934 httpd: mod_proxy_ftp use o...

CVSS 9.1 · AI score 0.1 · EPSS 0.89744
Exploits: 6
CBLMariner
added 2020/11/05 4:21 a.m. · 14 views

CVE-2007-0086 affecting package httpd 2.4.46-3

CVE-2007-0086 affecting package httpd 2.4.46-3. A patched version of the package is available...

CVSS 7.8 · AI score 7.5 · EPSS 0.09619
Exploits: 0
RedHat Linux
added 2020/11/04 1:44 a.m. · 2 views

httpd: mod_proxy_ftp use of uninitialized value

A flaw was found in Apache's HTTP server httpd. The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...

CVSS 5.3 · AI score 7.1 · EPSS 0.51951
Exploits: 0 · References: 5
RedHat Linux
added 2020/11/04 1:44 a.m. · 137 views

Moderate: Red Hat Security Advisory: httpd:2.4 security, bug fix, and enhancement update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.1 · AI score 6.5 · EPSS 0.82007
Exploits: 6 · References: 16
RedHat Linux
added 2020/11/04 1:44 a.m. · 4 views

httpd: null-pointer dereference in mod_remoteip

A vulnerability was discovered in Apache httpd, in mod_remoteip. A trusted proxy using the "PROXY" protocol could send specially crafted headers that can cause httpd to experience a stack buffer overflow or NULL pointer dereference, leading to a crash or other potential consequences. This issue...

CVSS 7.2 · AI score 7.3 · EPSS 0.52873
Exploits: 0 · References: 5
Tenable Nessus
added 2020/11/04 12:0 a.m. · 72 views

RHEL 8 : httpd:2.4 (RHSA-2020:4751)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4751 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgrad...

CVSS 9.1 · AI score 6.5 · EPSS 0.82007
Exploits: 6 · References: 28
OSV
added 2020/11/03 12:33 p.m. · 58 views

RLSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: mod_http2 1.15.7 (BZ1814236). Security Fixes: httpd: memory corruption on early pushes (CVE-2019-10081); httpd: read-after-free in ...

CVSS 6.6 · AI score 7.3 · EPSS 0.82007
Exploits: 6 · References: 15
Rockylinux
added 2020/11/03 12:33 p.m. · 52 views

httpd:2.4 security, bug fix, and enhancement update

An update is available for mod_md. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

CVSS 9.1 · AI score 7.5 · EPSS 0.82007
Exploits: 6
RedhatCVE
added 2020/10/29 2:56 p.m. · 30 views

CVE-2020-25680

A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from...

CVSS 5.5 · AI score 1.7 · EPSS 0.00327
Exploits: 0 · References: 3
RedHat Linux
added 2020/10/28 3:49 p.m. · 3 views

httpd: mod_http2 concurrent pool usage

A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 6.6 · EPSS 0.58716
Exploits: 2 · References: 5
RedHat Linux
added 2020/10/28 3:49 p.m. · 4 views

httpd: mod_proxy_uwsgi buffer overflow

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

CVSS 9.8 · AI score 6.6 · EPSS 0.90485
Exploits: 2 · References: 5
Tenable Nessus
added 2020/10/28 12:0 a.m. · 120 views

RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 (RHSA-2020:4384)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4384 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This...

CVSS 9.8 · AI score 7.3 · EPSS 0.90485
Exploits: 5 · References: 13
OSV
added 2020/10/23 6:15 a.m. · 4 views

CVE-2020-26561

Belkin LINKSYS WRT160NL 1.0.04.002US20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintai...

CVSS 8.8 · AI score 7.8 · EPSS 0.12159
Exploits: 1 · References: 1
Positive Technologies
added 2020/10/23 12:0 a.m. · 6 views

PT-2020-16458 · Acme +1 · Mini Httpd +1

Name of the Vulnerable Software and Affected Versions: Belkin LINKSYS WRT160NL version 1.0.04.002 US 20130619. Description: The issue is a stack-based buffer overflow due to the use of sprintf in the create_dir function of mini_httpd. This can lead to arbitrary code execution if successfully...

CVSS 8.8 · AI score 8.2 · EPSS 0.12159
Exploits: 1 · References: 4
OpenVAS
added 2020/10/21 12:0 a.m. · 25 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-2224)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 · AI score 8 · EPSS 0.56691
Exploits: 0 · References: 2
Tenable Nessus
added 2020/10/21 12:0 a.m. · 53 views

Scientific Linux Security Update : httpd on SL7.x x86_64 (20201001)

Security Fixes:
- httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)
- httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)
- httpd: mod_rewrite configurations vulnerabl...

CVSS 8.1 · AI score 6.5 · EPSS 0.86006
Exploits: 1 · References: 7
Tenable Nessus
added 2020/10/20 12:0 a.m. · 189 views

CentOS 7 : httpd (RHSA-2020:3958)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3958 advisory. - In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching onl...

CVSS 8.1 · AI score 6.7 · EPSS 0.86006
Exploits: 1 · References: 7