Amazon Linux AMI : httpd24 (ALAS-2023-1711)

The version of httpd24 installed on the remote host is prior to 2.4.56-1.100. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1711 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0803-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0803-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5942-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5942-2 advisory. USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Tenable has extract...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-115)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-115 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to cras...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory. There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the...

[SECURITY] [DSA 5376-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2023 https://www.debian.org/security/faq -...

Important: httpd24

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-13950)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-13950 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-26690)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-26690 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-30641)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-30641 advisory. - Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

CBL Mariner 2.0 Security Update: httpd (CVE-2019-17567)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-17567 advisory. - Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-35452)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-35452 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2022-37436)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37436 advisory. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1525)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2023-1550)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

MGASA-2023-0100 Updated apache packages fix security vulnerability

Some modproxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target URL data an...

[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora: Security Advisory for httpd (FEDORA-2023-7d14cdec4a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Internet Bug Bounty: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)

A vulnerability was found in Apache HTTP Server's modproxyuwsgi, affecting versions 2.4.30 through 2.4.55. The issue allowed special characters in the origin response header to truncate or split the response forwarded to the client, potentially resulting in security headers being ignored by the...

Fedora 38 : httpd (2023-7d14cdec4a)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7d14cdec4a advisory. - new version 2.4.56 - security update for CVE-2023-27522 and CVE-2023-25690 Tenable has extracted the preceding description block directly from the...