Important Photon OS Security Update - PHSA-2017-0077

Updates of 'httpd' packages of Photon OS have been released...

XiongMai uc-httpd Directory Traversal Vulnerability

XiongMai uc-httpd is a HTTP protection program for cameras and other products from XiongMai. A directory traversal vulnerability exists in XiongMai uc-httpd. A remote attacker can send a 'GET ... /' HTTP request to exploit the vulnerability to read arbitrary files...

Fedora Update for httpd FEDORA-2017-a52f252521

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Tiny HTTPd 0.1.0 - Directory Traversal Vulnerability

Exploit for linux platform in category remote exploits ====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Ti...

Tiny HTTPd 0.1.0 - Directory Traversal

Tiny HTTPd 0.1.0 - Directory Traversal ====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Tiny HTTPd Version...

Tiny HTTPd 0.1.0 - Directory Traversal

====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Tiny HTTPd Version: 0.1.0 Download Link:...

Fedora 26 : httpd (2017-a52f252521) (Optionsbleed)

This is a release fixing a security fix applied upstream, known as 'optionsbleed' in popular parlance. It is relevant for hosted and co-located instances of Fedora and why wouldn't you?. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...

[SECURITY] Fedora 26 Update: httpd-2.4.27-3.fc26

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVE-2015-5284

ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : httpd (SSA:2017-261-01) (Optionsbleed)

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-261-01. The te...

Amazon Linux AMI : httpd24 / httpd (ALAS-2017-896) (Optionsbleed)

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret...

[slackware-security] httpd

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/httpd-2.4.27-i586-2slack14.2.txz: Rebuilt. This update patches a security issue "Optionsbleed" with th...

Design/Logic Flaw

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVE-2017-9798

CVE-2017-9798 affects the Apache HTTP Server (httpd) up to 2.4.27 and 2.2.34. A use-after-free flaw in how httpd handles invalid/previously unregistered HTTP methods specified by the Limit directive (used in .htaccess or certain httpd.conf configurations) can allow a remote, unauthenticated attac...

CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

UBUNTU-CVE-2017-9798

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker...

Important: httpd24, httpd

Issue Overview: Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. The attacker sends an unauthenticated OPTIONS HTTP request when attempting t...

mod_gnutls: Certificate validation error

Background modgnutls is an extension for ​Apache’s httpd. It uses the ​GnuTLS library to provide HTTPS. It supports some protocols and features that modssl does not. Description It was discovered that the authentication hook in modgnutls does not validate client’s certificates even when option...

Amazon Linux AMI : httpd (ALAS-2017-892)

A NULL pointer dereference flaw was found in the httpd's modssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. CVE-2017-3169 It was discovered that the...