PT-2024-5848

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.59 and earlier Description The issue is related to a substitution encoding problem in the mod rewrite module of the Apache HTTP Server, allowing an attacker to execute scripts in directories permitted by the...

RHEL 8 : httpd:2.4/httpd (RHSA-2024:4197)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4197 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response...

Apache 2.4.x < 2.4.60 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.60. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.60 advisory. - Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash o...

ALSA-2024:4197 Moderate: httpd:2.4/httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd:2.4: httpd: HTTP response splitting CVE-2023-38709 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2024-1836)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)

Summary IBM QRadar SIEM is vulnerable to AJP Smuggling to Response Queue Poisoning. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of...

RHEL 4 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd information disclosure in FileEtag CVE-2003-1418 - httpd: HTTP request smuggling attack against...

RHEL 5 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - httpd: modmime buffer overread CVE-2017-7679 - httpd: Weak Digest auth nonce generation in modauthdigest...

RHEL 6 : httpd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - firefox: Possible integer overflow to fix inside XMLParse in Expat CVE-2016-9063 - httpd: Weak Digest aut...

ROS-20240603-04

Vulnerability of modproxy module of Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker, acting remotely to perform HTTP response splitting attacks...

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory OOM...

Security Bulletin: IBM Aspera Console has addressed multiple HTTP vulnerabilities (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)

Summary This Security Bulletin addresses security vulnerabilities related to HTTP responses that would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information CVE-2022-43841, CVE-2024-24795, CVE-2023-38709...

PT-2024-4676 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to serving WebSocket protocol upgrades over a HTTP/2 connection, which could result in a Null Pointer dereference. This can lead to a crash of the server...

Fedora: Security Advisory (FEDORA-2024-d0dccd6b96)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-937be154d8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3818-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS -...

RHEL 8 : httpd:2.4 (RHSA-2024:3121)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3121 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro:...

Moderate: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For more details about the...

ALSA-2024:3121 Moderate: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modmacro: out-of-bounds read vulnerability CVE-2023-31122 modhttp2: reset requests exhaust memory incomplete fix of CVE-2023-44487 CVE-2023-45802 For more details about the...