RHEL 8 : httpd:2.4 (RHSA-2019:2893)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2893 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: HTTP/2: request for large respon...

Oracle Linux 8 : httpd:2.4 (ELSA-2019-2893)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2893 advisory. - Resolves: 1744997 - CVE-2019-9511 httpd:2.4/modhttp2: HTTP/2: large amount of data request leads to denial of service - Resolves: 1745084 - CVE-2019-9516...

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

httpd:2.4 security update

httpd 2.4.37-12.0.1 - Set vstring per ORACLESUPPORTPRODUCT Orabug: 29892262 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-12 - Resolves: 1744997 - CVE-2019-9511 httpd:2.4/modhttp2: HTTP/2: large amount of data request leads to denial of service - Resolves: 1745084 -...

Critical Photon OS Security Update - PHSA-2019-0178

Updates of 'linux-aws', 'linux-secure', 'linux-esx', 'linux', 'httpd' packages of Photon OS have been released...

CentOS 7 : httpd (CESA-2019:2343)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CentOS Update for httpd CESA-2019:2343 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.05 / MAIN 5.05 : httpd Vulnerability (NS-SA-2019-0172)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has httpd packages installed that are affected by a vulnerability: - In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated...

[SECURITY] Fedora 30 Update: mod_http2-1.15.3-2.fc30

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

[SECURITY] Fedora 29 Update: mod_http2-1.15.3-2.fc29

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers...

CentOS 7 : keycloak-httpd-client-install (CESA-2019:2137)

An update for keycloak-httpd-client-install is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Scientific Linux Security Update : httpd on SL7.x x86_64 (20190806)

Security Fixes : - httpd: modauthdigest: access control bypass due to race condition CVE-2019-0217 - httpd: URL normalization inconsistency CVE-2019-0220 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid128223;...

Scientific Linux Security Update : keycloak-httpd-client-install on SL7.x x86_64 (20190806)

Security Fixes : - keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py CVE-2017-15111 - keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line CVE-2017-15112 C Tenable Network Security, Inc. The descriptive text is C Scientific Linu...

Debian: Security Advisory (DSA-4509-3)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 4509-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4509-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 26, 2019 https://www.debian.org/security/faq -...

Internet Bug Bounty: mod_http2, read-after-free in h2 connection shutdown (CVE-2019-10082)

Using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. This is made possible by a race condition in which nghttp2 maintains a reference to a stream after modhttp2 has destroyed it. This vulnerability has been fixed in...

Fedora Update for httpd FEDORA-2019-099575a123

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-10098

A vulnerability was discovered in Apache httpd, in modrewrite. Certain self-referential modrewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...

Internet Bug Bounty: mod_http2, memory corruption on early pushes (CVE-2019-10081)

HTTP/2 very early pushes, for example configured with H2PushResource, could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. Scenarios where an attacker may be ab...

Apache 2.4.x < 2.4.41 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.41. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.41 advisory, including the following: - A limited cross-site scripting issue was reported affecting the modproxy error page. An attacker cou...