5762 matches found
Oracle Linux 7 : httpd (ELSA-2019-1898)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1898 advisory. 2.4.6-89.0.1 - replace index.html with Oracle's index page oracleindex.html 2.4.6-89.1 - Resolves: 1719722 - CVE-2018-1312 httpd: Weak Digest auth nonce...
Oracle Linux 8 : mod_auth_mellon (ELSA-2019-0985)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-0985 advisory. 0.14.0-3.2 - Resolves: rhbz1696197 - CVE-2019-3878 mod_auth_mellon: authentication bypass in ECP flow rhel-8.0.0.z Tenable has extracted the preceding description...
Amazon Linux 2 : mod_http2 (ALAS-2019-1264)
A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 (C) Tenable Network Security, Inc...
Fedora Update for php FEDORA-2019-f07db8f031
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: php-7.2.21-1.fc29
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 30 Update: php-7.3.8-1.fc30
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Low: mod_http2
Issue Overview: A vulnerability was found in Apache HTTP Server 2.4. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly. CVE-2019-0196 Affected Packages...
CVE-2016-10796
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files SEC-130...
Design/Logic Flaw
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files SEC-130...
httpd: mod_auth_digest: access control bypass due to race condition
A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions...
CVE-2016-10786
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...
Design/Logic Flaw
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys SEC-186...
CVE-2017-18428
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...
CVE-2017-18429
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination SEC-291...
CVE-2017-18424
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt SEC-274...
Code injection
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing SEC-290...