Man-in-the-Middle (MitM)

httpd is vulnerable to man-in-the-middle MitM. The vulnerability exists as a flaw was found in the way the TLS/SSL Transport Layer Security/Secure Sockets Layer protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the Apache modproxyftp module. A malicious FTP server to which requests are being proxied could use this flaw to crash an httpd child process via a malformed reply to the EPSV or...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the handling of compression structures between modssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively...

Cross-Site Scripting (XSS)

modproxyftp module in Apache is vulnerable to cross-site scripting. When Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting. A flaw was found in the modproxyftp module. On sites where modproxyftp was enabled and a forward proxy was configured, a cross-site scripting attack was possible against Web browsers which do not correctly derive the response character set following th...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. A flaw was found in the modstatus module. On sites where modstatus was enabled and the status pages were publicly available, a cross-site scripting attack was possible...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. A flaw was found in the modproxybalancer module. On sites where modproxybalancer was enabled, a cross-site scripting attack against an authorized user was possible...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting. A flaw was found in the modimagemap module. On sites where modimagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible...

Cross-Site Scripting (XSS)

httpd is vulnerable to cross-site scripting. A flaw was found in the modautoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as the Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and caus...

Cross-site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. The vulnerability exists as a flaw was found in the Apache HTTP Server modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a...

Moderate Photon OS Security Update - PHSA-2020-3.0-0079

Updates of 'httpd' packages of Photon OS have been released...

Moderate Photon OS Security Update - PHSA-2020-0079

Updates of 'httpd' packages of Photon OS have been released...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0228

An update of 'libvirt', 'httpd', 'file' packages of Photon OS has been released...

Important Photon OS Security Update - PHSA-2020-0228

Updates of 'httpd', 'file', 'libvirt' packages of Photon OS have been released...

CentOS 7 : httpd (RHSA-2020:1121)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1121 advisory. - In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, modauthnzldap, if configured with AuthLDAPCharsetConfig, uses the...

CVE-2019-10082

A read-after-free vulnerability was discovered in Apache httpd, in modhttp2. A specially crafted http/2 client session could cause the server to read memory that was previously freed during connection shutdown, potentially leading to a crash. Mitigation This flaw is only exploitable if Apache htt...

CVE-2019-10092

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. Mitigation This flaw is only exploitable ...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS due to memory corruption on early pushes...