Check Point response to Apache CVEs - November 2021 for httpd versions between 2.4.41 and 2.4.51

Solution In November 2021, Apache open source published CVEs for httpd versions between 2.4.41 and 2.4.51 see the list of the CVEs in the "Cause" section. Check Point uses the Apache HTTP Server as the Web server for several of its user portals on both the Security Gateway Gaia Portal, Identity...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.50 - Path Traversal or Remote Code Execution CVE-20...

NewStart CGSL MAIN 6.02 : bash Multiple Vulnerabilities (NS-SA-2021-0118)

The remote NewStart CGSL host, running version MAIN 6.02, has bash packages installed that are affected by multiple vulnerabilities: - GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remot...

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:3522-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3522-1 advisory. - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2021-2586)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (2)

Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo...

EulerOS 2.0 SP3 : httpd (EulerOS-SA-2021-2586)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-42013Reverse-Shell PoC CVE-2021-42013 reverse shell...

Apache HTTP Server 2.4.50 Remote Code Execution

Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo...

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.49 - Path Traversal or Remote Code Execution cve-20...

CLSA-2021-1634922624 Fixed CVE-2020-35452 in httpd

CVE-2020-35452: fix stack overflow in modauthdigest due to crafted digest nonce...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Fedora: Security Advisory for httpd (FEDORA-2021-ae829e54ab)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-42013 - Apache HTTP Server 2.4.50 Cara Menjalankan...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 - Apache HTTP Server 2.4.49 Cara Menjalankan...

Apache HTTP Server Server-Side Request Forgery (CVE-2021-40438)

A Server Side Request Forgery vulnerability exists in Apache HTTP Server. A remote attacker may exploit this issue by making a specially crafted HTTP request. Successful exploitation would allow attackers to create HTTP requests on behalf of the vulnerable server...

Amazon Linux AMI : httpd24 (ALAS-2021-1543)

The version of httpd24 installed on the remote host is prior to 2.4.51-1.94. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1543 advisory. A NULL pointer dereference was found in Apache httpd modh2. The highest threat from this flaw is to system integrity...

[SECURITY] Fedora 33 Update: httpd-2.4.51-1.fc33

The Apache HTTP Server is a powerful, efficient, and extensible web server...