5762 matches found

RedHat Linux
added 2020/09/14 12:43 p.m. | 110 views

Important: Red Hat Security Advisory: httpd:2.4 security update

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 7.4 | EPSS 0.89744
Exploits: 0 | References: 2

Tenable Nessus
added 2020/09/11 12:00 a.m. | 64 views

Oracle Linux 8 : httpd:2.4 (ELSA-2020-3714)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3714 advisory. mod_http2 1.11.3-3.1 - Resolves: 1869072 - CVE-2020-9490 httpd:2.4/mod_http2: httpd: Push diary crash on specifically crafted HTTP/2 header Tenable has extracted...

CVSS 7.5 | AI score 7.9 | EPSS 0.89744
Exploits: 0 | References: 2

Apache Httpd
added 2020/09/11 12:00 a.m. | 94 views

Apache Httpd < 2.4.48 : mod_proxy_http NULL pointer dereference

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service...

CVSS 7.5 | AI score 8.4 | EPSS 0.49089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2020/09/09 2:56 p.m. | 56 views

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

Summary Apache HTTP Server is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-9490 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when the server tries to HTTP/2 PUSH a resource afterwards. By using a...

CVSS 7.5 | AI score 1.2 | EPSS 0.89744
Exploits: 2 | Affected Software: 1

OSV
added 2020/09/08 8:38 a.m. | 44 views

ALSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers CVE-2019-11039 php: Buffer...

CVSS 9.8 | AI score 8.7 | EPSS 0.08888
Exploits: 19 | References: 23

AlmaLinux
added 2020/09/08 8:38 a.m. | 78 views

Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers CVE-2019-11039 php: Buffer...

CVSS 9.8 | AI score 9 | EPSS 0.08888
Exploits: 19 | References: 23

OSV
added 2020/09/08 8:38 a.m. | 47 views

RLSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers CVE-2019-11039 php: Buffer...

CVSS 8.8 | AI score 8.7 | EPSS 0.08888
Exploits: 19 | References: 23

Rockylinux
added 2020/09/08 8:38 a.m. | 58 views

php:7.3 security, bug fix, and enhancement update

An update is available for php-pear, php-pecl-rrd, php, php-pecl-apcu, php-pecl-xdebug, libzip, php-pecl-zip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP...

CVSS 9.8 | AI score 9 | EPSS 0.08888
Exploits: 19

Tenable Nessus
added 2020/09/08 12:00 a.m. | 57 views

EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1969)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated we...

CVSS 9.8 | AI score 7.4 | EPSS 0.09674
Exploits: 5 | References: 4

Tenable Nessus
added 2020/09/04 12:00 a.m. | 64 views

Debian DLA-2362-1 : uwsgi security update

Apache HTTP Server versions before 2.4.32 uses src:uwsgi where a flaw was discovered. The uwsgi protocol does not let us serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. For Debian 9 stretch, this problem has been fixed in version...

CVSS 9.8 | AI score 6.6 | EPSS 0.90039
Exploits: 2 | References: 4

Fedora
added 2020/09/03 4:27 p.m. | 41 views

[SECURITY] Fedora 31 Update: httpd-2.4.46-1.fc31

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 9.8 | AI score 1.1 | EPSS 0.90039
Exploits: 2

NVD
added 2020/09/02 2:15 a.m. | 17 views

CVE-2020-25073

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...

CVSS 5.3 | AI score 5.1 | EPSS 0.0214
Exploits: 1 | References: 1

Prion
added 2020/09/02 2:15 a.m. | 18 views

Code injection

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...

CVSS 5 | AI score 5.1 | EPSS 0.0214
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2020/09/02 1:26 a.m. | 89 views

CVE-2020-25073

This CVE affects FreedomBox (through 20.13) and the Plinth package on some Linux distros when the Apache mod_status module is enabled. The root cause is that a Tor onion service or PageKite connection is treated as local, allowing remote attackers to read sensitive data from the Apache /server-st...

CVSS 5.3 | AI score 5 | EPSS 0.0214
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/09/02 1:26 a.m. | 24 views

CVE-2020-25073

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service or from PageKite is considered a local connection. This affects both the freedombox and plinth packages of some...

AI score 5.1 | EPSS 0.0214
Exploits: 1 | References: 1

IBM Security Bulletins
added 2020/08/31 5:58 p.m. | 31 views

Security Bulletin: Vulnerability in the IBM HTTP Server used by WebSphere Application Server is fixed in 9.0.0.3

Summary There is a spoofing vulnerability in the IBM HTTP Server used by WebSphere Application Server version 9. This vulnerability has been fixed in IBM HTTP Server version 9.0.0.3. Vulnerability Details CVEID: CVE-2020-11985 DESCRIPTION: Apache HTTP Server could allow a remote attacker to condu...

CVSS 5.3 | AI score 1.6 | EPSS 0.05884
Exploits: 0 | Affected Software: 1

Fedora
added 2020/08/31 3:50 p.m. | 65 views

[SECURITY] Fedora 32 Update: httpd-2.4.46-1.fc32

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 9.8 | AI score 1.1 | EPSS 0.90039
Exploits: 2

Amazon
added 2020/08/31 12:00 a.m. | 70 views

Low: httpd24

Issue Overview: No CVE associated with this advisory Affected Packages: httpd24 Issue Correction: Run yum update httpd24 or yum update --advisory ALAS-2020-1418 to update your system. New Packages: i686: mod24_proxy_html-2.4.46-1.90.amzn1.i686 httpd24-tools-2.4.46-1.90.amzn1.i686 ...

CVSS 9.8 | AI score 7.1 | EPSS 0.90039
Exploits: 4

Tenable Nessus
added 2020/08/28 12:00 a.m. | 36 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1874)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers...

CVSS 9.8 | AI score 7.1 | EPSS 0.06021
Exploits: 3 | References: 5

Tenable Nessus
added 2020/08/28 12:00 a.m. | 53 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1854)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging...

CVSS 9.8 | AI score 6.8 | EPSS 0.90039
Exploits: 4 | References: 4