Moderate: mod_auth_mellon security update

The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: modauthmellon: Open Redirect vulnerability in logo...

mod_auth_mellon security update

An update is available for modauthmellon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthmellon module for the Apache HTTP Server is an authenticatio...

RLSA-2022:1934 Moderate: mod_auth_mellon security update

The modauthmellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Security Fixes: modauthmellon: Open Redirect vulnerability in logo...

httpd:2.4 security and bug fix update

An update is available for httpd, modhttp2, modmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful,...

Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: modproxyuwsgi: out-of-bounds read via a crafted request uri-path CVE-2021-36160 httpd:...

RLSA-2022:1915 Moderate: httpd:2.4 security and bug fix update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Request splitting via HTTP/2 method injection and modproxy CVE-2021-33193 httpd: modproxyuwsgi: out-of-bounds read via a crafted request uri-path CVE-2021-36160 httpd:...

RLSA-2022:1935 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...

ALSA-2022:1823 Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786...

RLSA-2022:1823 Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786...

mod_auth_openidc:2.3 security update

An update is available for modauthopenidc, cjose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modauthopenidc is an OpenID Connect authentication module f...

Moderate: mod_auth_openidc:2.3 security update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786...

Tenable SecurityCenter < 5.21.0 Multiple Vulnerabilities (TNS-2022-09)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is less than 5.21.0 and is therefore affected by multiple vulnerabilities: - A command injection vulnerability exists in Composer. An unauthenticated, remote attacker can exploit this to...

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...

Tenable SecurityCenter 5.12.x - 5.18.x / 5.19.x / 5.20.x Multiple Vulnerabilities (TNS-2022-08)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.19.x or 5.20.x and is therefore affected by multiple vulnerabilities: - Read/write beyond bounds - Out-of-bounds Write vulnerability in modsed of Apache HTTP Server allows an...

ALSA-2022:1935 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...

NewStart CGSL CORE 5.04 / MAIN 5.04 : httpd Multiple Vulnerabilities (NS-SA-2022-0021)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has httpd packages installed that are affected by multiple vulnerabilities: - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 ...

SUSE-SU-2022:1483-1 Security update for subversion

This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in moddavsvn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service bsc1197940. - CVE-2021-28544: Fixed an information leak issue where...

Amazon Linux AMI : httpd24 (ALAS-2022-1584)

The version of httpd24 installed on the remote host is prior to 2.4.53-1.96. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1584 advisory. A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to ...

Amazon Linux 2 : httpd (ALAS-2022-1783)

The version of httpd installed on the remote host is prior to 2.4.53-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1783 advisory. A flaw was found in the modlua module of httpd. A crafted request body can cause a read to a random memory area due to an...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2022-1569)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP...