Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0313

An update of 'httpd', 'etcd' packages of Photon OS has been released...

Critical Photon OS Security Update - PHSA-2020-0313

Updates of 'httpd', 'etcd' packages of Photon OS have been released...

Photon OS 2.0: Httpd PHSA-2020-2.0-0272

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0272. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid139609...

Photon OS 3.0: Httpd PHSA-2020-3.0-0125

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0125. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid139612...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0272

An update of 'linux', 'etcd', 'linux-secure', 'linux-aws', 'linux-esx', 'httpd' packages of Photon OS has been released...

Critical Photon OS Security Update - PHSA-2020-0125

Updates of 'httpd' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2020-3.0-0125

Updates of 'httpd' packages of Photon OS have been released...

CVE-2020-11993

A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by modhttp2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability...

CVE-2020-11984

A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabilit...

CVE-2020-9490

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability. Mitigation Configuring the HTTP/2...

FreeBSD : Apache httpd -- Multiple vulnerabilities (76700d2f-d959-11ea-b53c-d4c9ef517024)

The Apache httpd projec reports : - modhttp2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header CVE-2020-9490 A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. -...

Apache httpd -- Multiple vulnerabilities

The Apache httpd projec reports: modhttp2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header CVE-2020-9490 A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards...

NETGEAR R6700 httpd strtblupgrade Format String Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the la...

Netgear Won't Patch 45 Router Models Vulnerable to Serious Flaw

UPDATE Netgear will not patch 45 router models that are vulnerable to a high-severity remote code execution flaw, the router company revealed last week. However, the company says that routers that won’t receive updates are outdated or have reached EOL End of Life. The remote code execution...

NETGEAR R6700 Buffer Overflow Vulnerability (CNVD-2020-43667)

The NETGEAR R6700 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the httpd service in the NETGEAR R6700 version V1.0.4.8410.0.58, which originates when the program fails to properly validate the length of user-supplied data before copying it into a fixed stack-based...

CVE-2020-15416

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2020-15416

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2020-15416

CVE-2020-15416 affects NETGEAR R6700 routers (V1.0.4.84_10.0.58). The vulnerability is in the httpd service on port 80 and stems from improper validation of the length of user-supplied data copied into a fixed-length, stack-based buffer. This causes a stack-based buffer overflow that an attacker ...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1749)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Netgear httpd upgrade_check.cgi stack buffer overflow

Overview Multiple Netgear devices contain a stack buffer overflow in the httpd web server's handling of upgradecheck.cgi, which may allow for unauthenticated remote code execution with root privileges. Description Many Netgear devices contain an embedded web server, which is provided by the httpd...