Security Bulletin: IBM QRadar SIEM includes components with multiple known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant vulnerabilities. Vulnerability Details: CVEID: CVE-2021-43859 DESCRIPTION: XStream is vulnerable to a denial of service, caused by...
Security Bulletin: Vulnerabilities in Bash affect “WebSphere Message Broker v8 HVE” and “IBM Integration Bus V9 HVE” (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)
Summary: Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by “WebSphere Message Broker v8 HVE” and “IBM Integration Bus V9 HVE”...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2243)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2222)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-2256)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...
EulerOS 2.0 SP10 : httpd (EulerOS-SA-2022-2243)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to...
Oracle Linux 6 : httpd (ELSA-2022-9714)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9714 advisory. 2.2.15-69.0.5 - handle large writes in ap_rputs (CVE-2022-28614) Orabug: 34317854. Tenable has extracted the preceding description block directly from the Oracle Lin...
Oracle Linux 8 : httpd:2.4 (ELSA-2022-9682)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9682 advisory. httpd 2.4.37-47.0.2.2 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and Tenable has extracted the preceding description block directly from the Oracl...
Security Bulletin: IBM Security SiteProtector System is affected by multiple Apache HTTP Server Vulnerabilities
Summary: Apache HTTP Server provides HTTP services for SiteProtector. IBM Security SiteProtector System has addressed the following vulnerabilities in an express update: CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-26377, CVE-2022-31813 and CVE-2022-30556. Vulnerability Details...
Oracle Linux 9 : httpd (ELSA-2022-9680)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9680 advisory. 2.4.51-7.0.2 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) Orabug: 34381949. Tenable has extracted the preceding...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Apache / 2.4.49 CVE-2021-41773 exploit by G...
php security update
An update is available for php. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...
Oracle Linux 7 : httpd (ELSA-2022-9675)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9675 advisory. 2.4.6-97.0.7.5 - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) Orabug: 34381850. Tenable has extracted the preceding...
Important: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buffer overflow leading to RCE (CVE-2022-31626). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Oracle Linux 6 : httpd (ELSA-2022-9676)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9676 advisory. - mod_proxy: ap_proxy_http_request to clear hop-by-hop first and fixup last (CVE-2022-31813) Orabug: 34317859. Tenable has extracted the preceding description block...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2199)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
OESA-2022-1784 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. (CVE-2022-28330)...
EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2022-2199)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...
EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2022-2180)
According to the versions of the httpd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affec...
Exploit for Path Traversal in Apache Http_Server
Mitigation-CVE-2021-41773- Shell Script to mitigate CVE-2021-4...