
5762 matches found

OpenVAS
added 2021/07/06 12:0 a.m. | 22 views

Apache HTTP Server 'mod_perl' /perl-status accessible (HTTP)

Requesting the URI /perl-status provides a comprehensive overview of the server configuration. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-lat...

0.7 AI score
Exploits: 0 | References: 1
OSV
added 2021/07/03 11:3 a.m. | 3 views

OESA-2021-1253 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service CVE-2021-26690...

7.5 CVSS | 6.8 AI score | 0.65067 EPSS
Exploits: 0 | References: 2
Rosalinux
added 2021/07/02 5:30 p.m. | 19 views

Advisory ROSA-SA-2021-1922

Software: mod_auth_openidc 1.8.8 OS: Cobalt 7.9 CVE-ID: CVE-2017-6062 CVE-Crit: HIGH CVE-DESC: The "OpenID Connect Verification Party and OAuth 2.0 Resource Server" module also known as mod_auth_openidc before version 2.1.5 for Apache HTTP Server does not pass the OIDCCLAIM and OIDCAuthNHeader header...

8.6 CVSS | 6.7 AI score | 0.03633 EPSS
Exploits: 0
Tenable Nessus
added 2021/07/01 12:0 a.m. | 97 views

Amazon Linux 2 : httpd (ALAS-2021-1674)

The version of httpd installed on the remote host is prior to 2.4.48-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1674 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. CVE-2019-17567 A flaw was...

9.8 CVSS | 7.3 AI score | 0.68067 EPSS
Exploits: 0 | References: 15
Tenable Nessus
added 2021/07/01 12:0 a.m. | 52 views

Amazon Linux 2 : mod_http2 (ALAS-2021-1678)

The version of mod_http2 installed on the remote host is prior to 1.15.19-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1678 advisory. A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use thi...

7.5 CVSS | 7.4 AI score | 0.51208 EPSS
Exploits: 0 | References: 3
IBM Security Bulletins
added 2021/06/28 3:35 p.m. | 54 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server

Summary: There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details: CVEID: CVE-2021-26691 DESCRIPTION: Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

9.8 CVSS | 0.9 AI score | 0.68067 EPSS
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2021/06/28 12:0 a.m. | 43 views

SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2021:2127-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2127-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted...

9.8 CVSS | 7.5 AI score | 0.68067 EPSS
Exploits: 0 | References: 19
Tenable Nessus
added 2021/06/28 12:0 a.m. | 55 views

openSUSE 15 Security Update : apache2 (openSUSE-SU-2021:0908-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:0908-1 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests...

9.8 CVSS | 7.5 AI score | 0.68067 EPSS
Exploits: 0 | References: 19
Tenable Nessus
added 2021/06/24 12:0 a.m. | 132 views

Amazon Linux 2 : httpd (ALAS-2021-1659)

The version of httpd installed on the remote host is prior to 2.4.48-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1659 advisory. A flaw was found in Apache httpd. The mod_proxy_wstunnel module tunnels non-upgraded connections. CVE-2019-17567 Apache HTTP...

9.8 CVSS | 7.3 AI score | 0.68067 EPSS
Exploits: 0 | References: 17
Tenable Nessus
added 2021/06/24 12:0 a.m. | 47 views

Amazon Linux 2 : httpd (ALAS-2021-1672)

The version of httpd installed on the remote host is prior to 2.4.46-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1672 advisory. A null pointer de-reference was found in the way httpd handled specially crafted HTTP/2 request. A remote attacker could use this fl...

7.5 CVSS | 7.4 AI score | 0.51208 EPSS
Exploits: 0 | References: 3
Gitee
added 2021/06/22 3:15 p.m. | 3 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with proof-of-concept (PoC) exploits and tools for exploiting them. The repository is maintained by phith0n and is available on GitHub. The...

7.5 AI score
Exploits: 0
Ubuntu
added 2021/06/21 2:1 p.m. | 209 views

USN-4994-1: Apache HTTP Server vulnerabilities

Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. CVE-2020-13950...

9.8 CVSS | 7.7 AI score | 0.68067 EPSS
Exploits: 0
Tenable Nessus
added 2021/06/21 12:0 a.m. | 54 views

SUSE SLED12 / SLES12 Security Update : apache2 (SUSE-SU-2021:2006-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2006-1 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest...

9.8 CVSS | 7.4 AI score | 0.68067 EPSS
Exploits: 0 | References: 16
Tenable Nessus
added 2021/06/21 12:0 a.m. | 53 views

SUSE SLES11: apache2 / apache2-doc / apache2-example-pages / apache2-prefork / etc (SUSE-SU-2021:14749-1)

The remote SUSE Linux SLES11 / SLESSAP11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14749-1 advisory. - fixed CVE-2021-30641 bsc1187174: MergeSlashes regression - fixed CVE-2020-35452 bsc1186922: Single zero byte stack overflow in...

7.3 CVSS | 6.8 AI score | 0.53191 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2021/06/21 12:0 a.m. | 100 views

Ubuntu 16.04 ESM : Apache HTTP Server vulnerabilities (USN-4994-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4994-2 advisory. USN-4994-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

9.8 CVSS | 7.3 AI score | 0.68067 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2021/06/21 12:0 a.m. | 68 views

Ubuntu 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-4994-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4994-1 advisory. Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. A remote attacker could possibly use this iss...

9.8 CVSS | 7.8 AI score | 0.68067 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2021/06/17 11:47 a.m. | 262 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of...

8.1 CVSS | 6.8 AI score | 0.60122 EPSS
Exploits: 6 | References: 9
RedHat Linux
added 2021/06/17 11:35 a.m. | 97 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 8 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

8.1 CVSS | 6.8 AI score | 0.60122 EPSS
Exploits: 6 | References: 12
Tenable Nessus
added 2021/06/17 12:0 a.m. | 98 views

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP8 (RHSA-2021:2472)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2472 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This...

8.1 CVSS | 7 AI score | 0.60122 EPSS
Exploits: 6 | References: 17
NVD
added 2021/06/15 9:15 a.m. | 31 views

CVE-2021-31618

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions an HTTP response is sent to the client with a status code indicating...

7.5 CVSS | 0.51208 EPSS
Exploits: 0 | References: 13