5781 matches found

Exploit DB
added 2017/05/30 12:0 a.m., 61 views

uc-http Daemon - Local File Inclusion / Directory Traversal

7.4 AI score
Exploits: 0

Prion
added 2017/05/28 12:29 a.m., 17 views

Null pointer dereference

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

7.8 CVSS | 7.4 AI score | 0.01048 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/05/28 12:29 a.m., 3 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Cvelist
added 2017/05/28 12:0 a.m., 15 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

7.5 AI score | 0.01048 EPSS
Exploits: 0 | References: 1

Apache Httpd
added 2017/05/06 12:0 a.m., 101 views

Apache Httpd < 2.4.26 : ap_find_token() Buffer Overread

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...

7.5 CVSS | 2 AI score | 0.57472 EPSS
Exploits: 1 | Affected Software: 1

Apache Httpd
added 2017/05/06 12:0 a.m., 48 views

Apache Httpd < 2.2.34 : ap_find_token() Buffer Overread

The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force...

7.5 CVSS | 2 AI score | 0.57472 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2017/05/03 12:0 a.m., 55 views

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2017-1086)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...

7.5 CVSS | 6.6 AI score | 0.49024 EPSS
Exploits: 4 | References: 4

Tenable Nessus
added 2017/05/03 12:0 a.m., 64 views

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2017-1085)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored i...

7.5 CVSS | 6.6 AI score | 0.49024 EPSS
Exploits: 4 | References: 4

Tenable Nessus
added 2017/05/01 12:0 a.m., 45 views

EulerOS 2.0 SP1 : httpd (EulerOS-SA-2016-1030)

According to the version of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts,...

8.1 CVSS | 6.8 AI score | 0.55724 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2017/04/26 10:19 a.m., 3 views

httpd: IP address spoofing when proxying using mod_remoteip and mod_rewrite

A flaw was found in the mod_remoteip module shipped with the httpd package. This flaw allows an attacker to spoof the IP address, resulting in the bypass of a mod_rewrite rule. The highest threat from this vulnerability is to integrity...

5.3 CVSS | 6.6 AI score | 0.06091 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2017/04/26 10:19 a.m., 1 views

httpd: DoS vulnerability in mod_auth_digest

It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...

7.5 CVSS | 7.2 AI score | 0.20952 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2017/04/26 10:19 a.m., 4 views

httpd: Incomplete handling of LimitRequestFields directive in mod_http2

A vulnerability was found in httpd's handling of the LimitRequestFields directive in mod_http2, affecting servers with HTTP/2 enabled. An attacker could send crafted requests with headers larger than the server's available memory, causing httpd to crash...

7.5 CVSS | 7.1 AI score | 0.7907 EPSS
Exploits: 4 | References: 6

Photon
added 2017/04/24 12:0 a.m., 37 views

PHSA-2017-0013

An update of cracklib, libevent, libgcrypt, httpd, glibc packages for PhotonOS has been released...

7.5 CVSS | 0.9 AI score | 0.15327 EPSS
Exploits: 6

seebug.org
added 2017/04/14 12:0 a.m., 40 views

XM tech security monitoring equipment, pre-uc-httpd server causes the presence of any directory traversal and local file inclusion vulnerabilities

0x01 vulnerability overview 1, the vendor information Manufacturer name: XM tech Official domain name: www.xiongmaitech.com Hangzhou XM Information Technology Co., Ltd. specialize in security monitoring, intelligent video independent research and development dedicated to security video monitoring...

7 AI score
Exploits: 0

OpenVAS
added 2017/04/14 12:0 a.m., 54 views

CentOS Update for httpd CESA-2017:0906 centos7

Check the version of httpd...

7.5 CVSS | 6.2 AI score | 0.49024 EPSS
Exploits: 4 | References: 2

0day.today
added 2017/04/13 12:0 a.m., 75 views

XiongMai uc-http 1.0.0 Local File Inclusion / Directory Traversal

uc-httpd is an HTTP daemon used by a wide array of IoT devices and is vulnerable to local file inclusion and directory traversal bugs. Vulnerable Software: uc-httpd. Vendor: XiongMai Technologies. Vulnerability Type: LFI, Directo...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2017/04/13 12:0 a.m., 304 views

RHEL 7 : httpd (RHSA-2017:0906)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5 CVSS | 6.7 AI score | 0.49024 EPSS
Exploits: 4 | References: 9

Tenable Nessus
added 2017/04/13 12:0 a.m., 98 views

Oracle Linux 7 : httpd (ELSA-2017-0906)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0906 advisory. - updated patch for CVE-2016-8743 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

7.5 CVSS | 6.5 AI score | 0.49024 EPSS
Exploits: 4 | References: 4

OpenVAS
added 2017/04/13 12:0 a.m., 61 views

RedHat Update for httpd RHSA-2017:0906-01

The remote host is missing an update for the...

7.5 CVSS | 7.5 AI score | 0.49024 EPSS
Exploits: 4 | References: 2

RedHat Linux
added 2017/04/12 12:24 p.m., 6 views

httpd: DoS vulnerability in mod_auth_digest

It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication...

7.5 CVSS | 7.2 AI score | 0.20952 EPSS
Exploits: 0 | References: 5