5762 matches found
MGASA-2020-0327 Updated apache packages fix security vulnerability
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Updated apache packages fix security vulnerability
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Apache HTTP Server vulnerabilities (USN-4458-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4458-1 advisory. Fabrice Perez discovered that the Apache modrewrite module incorrectly handled certain redirects. A remote attacker could possibl...
USN-4458-1: Apache HTTP Server vulnerabilities
Fabrice Perez discovered that the Apache modrewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. CVE-2020-1927 Chamal De Silva discovered that the Apache modproxyftp module incorrectly handled memory when...
Apache 2.4.x < 2.4.46 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.46 advisory. - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE CVE-2020-11984 - Apache HTTP Server versio...
Information Disclosure
Apache HTTP server is vulnerable to modproxyuwsgi info disclosure and possible RCE...
Apache HTTP Server Buffer Overflow Vulnerability
Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A buffer overflow vulnerability exists in moduwsgi in Apache HTTP Server versions 2.4.32 through 2.4.44. An...
Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities - Linux
Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...
Apache HTTP Server 2.4.32 < 2.4.44 mod_proxy_uwsgi Buffer Overflow Vulnerability - Linux
Apache HTTP Server is prone to a buffer overflow vulnerability in modproxyuwsgi. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities - Windows
Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:httpserver"; if...
Apache HTTP Server 2.4.32 < 2.4.44 mod_proxy_uwsgi Buffer Overflow Vulnerability - Windows
Apache HTTP Server is prone to a buffer overflow vulnerability in modproxyuwsgi. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache HTTP Server 2.4.1 < 2.4.24 IP Spoofing Vulnerability - Linux
Apache HTTP Server is prone to an IP address spoofing vulnerability when proxying using modremoteip and modrewrite. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
DEBIAN-CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
CVE-2020-11985
IP address spoofing when proxying using modremoteip and modrewrite For configurations using proxying with modremoteip and certain modrewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...
CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...
CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...
CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...
DEBIAN-CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...