Photon OS 3.0: Httpd PHSA-2020-3.0-0079

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0079. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid135787...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20200407)

httpd: modsessioncookie does not respect expiry time httpd: Out of bounds write in modauthnzldap when using too small Accept-Language values httpd: Out of bounds access after failure in reading the HTTP request C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1505)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1505)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded...

EulerOS Virtualization 3.0.2.2 : httpd (EulerOS-SA-2020-1455)

According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple...

Denial Of Service (DoS)

Subversion SVN is vulnerable to denial of service DoS. The vulnerability exists through a flaw found in the way the moddavsvn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists as the httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this fla...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way httpd handled child process status information. A malicious program running with httpd child process privileges such as a PHP or CGI script could use this flaw to cause the parent httpd process t...

Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle MiTM. The vulnerability exists as it was discovered that the fix for CVE-2011-3368 released via RHSA-2011:1391 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly...

Arbitrary Code Execution

httpd is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw, leading to a heap-based buffer overflow, was found in the way httpd performed substitutions in regular expressions. An attacker able to set certain httpd settings, such as a user permitted to...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists as it was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafte...

Denial Of Service (DoS)

subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module processed requests submitted against the URL of a baselined resource. A malicious, remote user could use this flaw to cause the httpd process...

Denial Of Service (DoS)

subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module processed certain requests to lock working copy paths in a repository. A remote attacker could issue a lock request that could cause the httpd...

Denial Of Service (DoS)

apr-util is vulnerable to denial of service. It was found that certain input could cause the apr-util library to allocate more memory than intended in the aprbrigadesplitline function. An attacker able to provide input in small chunks to an application using the apr-util library such as httpd cou...

Information Disclosure

httpd is vulnerable to information disclosure. A use-after-free flaw was discovered in the way the Apache HTTP Server handled request headers in subrequests. In configurations where subrequests are used, a multithreaded MPM Multi-Processing Module could possibly leak information from other reques...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. It was discovered that modproxyajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where modproxy is used in load balancer mode....

Information Disclosure

httpd is vulnerable to information disclosure. A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists in modproxyajp. In certain situations, if a user sent a carefully crafted HTTP request, the httpd server could return a response intended for another user...