Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

httpd: mod_http2: read-after-free on a string compare

A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly...

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of...

RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2644 advisory. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This...

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2020-1650)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes...

Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1650)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

Summary Symantec Web Security Group WSG products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perfo...

Security Bulletin: Vulnerabilities CVE-2020-1927 and CVE-2020-1934 in Apache HTTP Server affect IBM i

Summary Apache HTTP Server is supported on IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the modrewrite module. An...

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 9 security update

An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Amazon Linux AMI : httpd24 (ALAS-2020-1370)

The version of httpd24 installed on the remote host is prior to 2.4.43-1.89. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1370 advisory. In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1601)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: httpd24

Issue Overview: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.CVE-2020-1927 In Apache HTTP Server 2.4.0 to 2.4.41,...

EulerOS 2.0 SP5 : httpd (EulerOS-SA-2020-1601)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server.CVE-2020-1934 - In Apache...

Fedora: Security Advisory for php (FEDORA-2020-3ea2253402)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: httpd24-httpd and httpd24-mod_md security and enhancement update

An update for httpd24-httpd and httpd24-modmd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Amazon Linux 2 : httpd (ALAS-2020-1427)

The version of httpd installed on the remote host is prior to 2.4.43-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1427 advisory. In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server...

[SECURITY] Fedora 32 Update: php-7.4.6-1.fc32

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

EulerOS Virtualization for ARM 64 3.0.2.0 : httpd (EulerOS-SA-2020-1552)

According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential...

EulerOS Virtualization for ARM 64 3.0.2.0 : php (EulerOS-SA-2020-1542)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated we...