OESA-2023-1052 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to...

[SECURITY] Fedora 36 Update: httpd-2.4.55-1.fc36

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Ubuntu: Security Advisory (USN-5839-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 36 : httpd (2023-6d4055d482)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6d4055d482 advisory. - new version 2.4.55 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not test...

Fedora: Security Advisory for httpd (FEDORA-2023-6d4055d482)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: IBM Aspera Orchestrator affected by an Apache HTTP Server vulnerability (CVE-2022-28614)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28614 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in the aprwrite function. By reflecting very large...

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability ( CVE-2022-31813)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the X-Forwarded- headers to the origin...

Security Bulletin: IBM Aspera Orchestrator affected by HTTP request splitting attack due to Apache HTTP Server vulnerability (CVE-2021-33193)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-33193 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by improper input validation in HTTP/2 message processing. A remote attacker...

Security Bulletin: IBM Aspera Orchestrator vulnerable to HTTP request smuggling due to an Apache HTTP Server vulnerability (CVE-2022-26377)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-26377 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by an inconsistent Interpretation of HTTP Requests vulnerability in modproxyajp. An...

Security Bulletin: IBM Aspera Orchestrator was vulnerable to denial of service due to an Apache HTTP Server vulnerability (CVE-2021-34798)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-34798 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference in httpd core. By sending a specially crafted request, a...

Security Bulletin: IBM Aspera Orchestrator affected by buffer overflow vulnerability (CVE-2021-39275)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-39275 DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the apescapequotes function. By sending specially crafted...

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-23943)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-23943 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in modsed. By sending special...

Security Bulletin: IBM Aspera Orchestrator affected by vulnerability (CVE-2022-28330)

Summary The vulnerability CVE-2022-28330 has been remediated in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-28330 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to read beyond boun...

Security Bulletin: IBM Aspera Orchestrator affected by Apache HTTP Server vulnerability (CVE-2022-30556)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30556 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an error in modlua with websockets. An attacker could exploi...

Security Bulletin: IBM Aspera Orchestrator affected by denial of service vulnerability (CVE-2021-36160)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-36160 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read in modproxyuwsgi. By sending a specially crafted request...

Security Bulletin: IBM Aspera Orchestrator was vulnerable to a denial of service attack due to an Apache HTTP Server vulnerability (CVE-2022-30522)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-30522 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service when configured to do transformations with modsed in contexts where the input to modsed may be...

Security Bulletin: IBM Aspera Orchestrator affected by denial of service vulnerability (CVE-2022-22719)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-22719 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By using a specially crafted request body to read a random memory area, a remote attacker could...

Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-40438 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in modproxy. By sending a specially crafted request uri-path, a remo...

USN-5839-2: Apache HTTP Server vulnerability

USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server modproxy module incorrectly truncated certain response headers. This may result in later...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5839-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5839-2 advisory. USN-5839-1 fixed a vulnerability in Apache. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...