Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1505)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1455)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server

Summary There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2020-1927 DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

MGASA-2020-0166 Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL CVE-2020-1927. In Apache...

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL CVE-2020-1927. In Apache...

Information Disclosure

httpd is vulnerable to information disclosure. The vulnerability exists as it was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafte...

Denial Of Service (DoS)

subversion is vulnerable to denial of service DoS. The vulnerability exists as a NULL pointer dereference flaw was found in the way the moddavsvn module for use with the Apache HTTP Server processed certain requests. If a malicious, remote user issued a certain type of request to display a...

Information Disclosure

httpd is vulnerable to information disclosure. A flaw was discovered in the way the modproxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a...

Denial Of Service (DoS)

apache http server is vulnerable to denial of service. A flaw was found in the way the moddav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash...

Denial Of Service (DoS)

The Apache HTTP Server is vulnerable to Denial of Service DoS. A denial of service flaw was found in the Apache modproxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as the Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and caus...

Denial Of Service (DoS)

httpd is vulnerable to denial of service DoS. The vulnerability exists as a bug was found in the Apache HTTP Server modcache module. On sites where caching is enabled, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash...

Cross-site Scripting (XSS)

httpd is vulnerable to cross-site scripting XSS. The vulnerability exists as a flaw was found in the Apache HTTP Server modstatus module. On sites where the server-status page is publicly accessible and ExtendedStatus is enabled this could lead to a cross-site scripting attack. On Red Hat...

Denial Of Service (DoS)

httpd is vulnerable to denial of service. A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a...

Apache 2.4.x < 2.4.42 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.42. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.42 advisory. - In Apache HTTP Server 2.4.0 to 2.4.41, modproxyftp may use uninitialized memory when proxying to a malicious FTP server...

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

CentOS Errata and Security Advisory CESA-2020:1121 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of...

httpd: mod_rewrite configurations vulnerable to open redirect

A flaw was found in Apache HTTP Server httpd versions 2.4.0 to 2.4.41. Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...