Fedora 27 : httpd (2018-c3dc008c54)

This update includes the latest upstream release, httpd 2.4.34, with multiple bug fixes and enhancements. See http://www.apache.org/dist/httpd/CHANGES2.4.34 for more information on the changes in this version. A security vulnerability is addressed in this update : - modmd: DoS via Coredumps on...

Design/Logic Flaw

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVE-2017-12171

A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource...

CVE-2017-12171

CVE-2017-12171 is a vulnerability reported for Red Hat Enterprise Linux 6.9 with httpd 2.2.15-60. The regression causes comments in the Allow and Deny directives to be parsed incorrectly, potentially allowing a remote attacker to bypass access controls and gain access to a restricted HTTP resourc...

Photon OS 2.0 : openjdk8 / httpd / librelp / zsh / libvirt (PhotonOS-PHSA-2018-2.0-0039) (deprecated)

An update of 'openjdk8', 'httpd', 'librelp', 'zsh', 'libvirt', 'libtiff' packages of Photon OS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory...

FreeBSD : Apache httpd -- multiple vulnerabilities (8b1a50ab-8a8e-11e8-add2-b499baebfeaf)

The Apache project reports : - DoS for HTTP/2 connections by crafted requests CVE-2018-1333. By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. low - modmd, DoS via Coredumps on specially crafte...

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2018-199-01)

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-199-01. The text itself is copyright C Slackware Linux...

CVE-2018-10869

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd...

CVE-2018-10869

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd...

[slackware-security] httpd

New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.34-i586-1slack14.2.txz: Upgraded. This update fixes two denial of service issues: modmd: DoS via Coredumps on...

Apache httpd -- multiple vulnerabilities

The Apache project reports: DoS for HTTP/2 connections by crafted requests CVE-2018-1333. By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. low modmd, DoS via Coredumps on specially crafted...

Apache Httpd < 2.4.35 : DoS for HTTP/2 connections by continuous SETTINGS

By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Vulnerability

Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6...

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1....

VulnCheck KEV: CVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware...

httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir

It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use moduserdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data...