W3C CERN httpd Detection

Checks whether the CERN httpd is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

httpd: mod_http2: possible crash on late upgrade

A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server...

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

httpd: mod_http2: DoS via slow, unneeded request bodies

In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 modhttp2 connections...

Apache Httpd mod_rewrite - Open Redirects Vulnerability

Exploit for multiple platform in category web applications Normal URLs like http://redirect.local/test will be forwared to https://redirect.local/test. But by using newlines CVE 2019-10098, we can redirect somewhere else i.e. to https://redirect.local.evilwebsite.com: curl -Ik...

Apache Httpd mod_proxy - Error Page Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolu...

httpd:2.4 security and bug fix update

...

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2019-2249)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes '/',...

RHEL 8 : httpd:2.4 (RHSA-2019:3436)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3436 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modauthdigest:...

ALBA-2019:3460 keycloak-httpd-client-install bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

keycloak-httpd-client-install bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

keycloak-httpd-client-install bug fix and enhancement update

An update is available for keycloak-httpd-client-install. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...

Amazon Linux 2 : httpd (ALAS-2019-1341)

A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A vulnerability was...

Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)

A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.CVE-2019-10081 A read-after-free vulnerability was discovered in Apache httpd, in modhttp2. A specially crafted http/2 client session...

Medium: httpd

Issue Overview: A cross-site scripting vulnerability was found in Apache httpd, affecting the modproxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation.CVE-2019-10092 A...

Amazon Linux 2 : keycloak-httpd-client-install (ALAS-2019-1324)

It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service.CVE-2017-15111 In keycloak-http-client-install prior to version 0.8, the admi...

Photon OS 3.0: Httpd PHSA-2019-3.0-0035

An update of the httpd package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-3.0-0035. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid130101;...

Photon OS 1.0: Httpd PHSA-2019-1.0-0253

An update of the httpd package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0253. The text itself is copyright C VMware, Inc. include"compat.inc"; if description scriptid130109...

Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal (CVE-2015-8743)

Summary IBM HTTP Server is used by IBM Netezza Performance Portal. IBM Netezza Performance Portal has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-8743 DESCRIPTION: Apache HTTPD is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied...

Medium: httpd24

Issue Overview: A vulnerability was found in Apache httpd, in modhttp2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.CVE-2019-10081 A read-after-free vulnerability was discovered in Apache httpd, in modhttp2. A specially crafted http/...