Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details CVEID: CVE-2018-11759 DESCRIPTION: Apache Tomcat JK modjk Connector could allow a remote attacker to traverse directories on the system, caused by the improper handli...

The vulnerability of the Perl module of the Apache HTTP Server, related to the injection of code into the .htaccess file of the user, allows a hacker to execute arbitrary code.

The vulnerability of the Perl module used by the Apache HTTP Server is related to the injection of code into the .htaccess file of the user’s directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary Perl code on behalf of the user, thereby executing Apache HTTP serve...

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM Cognos Business Intelligence

Summary This bulletin addresses several security vulnerabilities in Apache HTTP Server that are fixed in IBM Cognos Business Intelligence. Vulnerability Details CVEID: CVE-2016-0736 DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by an error in...

Security Bulletin: Apache HTTP Server vulnerability in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager ( CVE-2018-17199).

Summary Apache HTTP Server vulnerability has been identified in WebSphere Application Server. WebSphere Application Server is shipped with Tivoli Netcool Performance Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulleti...

Oracle Primavera Unifier Multiple Vulnerabilities (Apr 2019 CPU)

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.x prior to 16.2.15.7 or 17.7.x prior to 17.12.10 or 18.x prior to 18.8.6. It is, therefore, affected by multiple vulnerabilities: - A deserialization vulnerability in...

CentOS 7 : mod_auth_mellon (CESA-2019:0766)

An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Oracle Linux 7 : mod_auth_mellon (ELSA-2019-0766)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-0766 advisory. - Resolves: rhbz1697488 - CVE-2019-3877 modauthmellon: open redirect in logout url when using URLs with backslashes - Resolves: rhbz1697488 -...

Fedora Update for php FEDORA-2019-253da50ddd

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

mod_auth_mellon security update

CentOS Errata and Security Advisory CESA-2019:0766 An update for modauthmellon is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

OPENSUSE-SU-2019:1209-1 Security update for apache2

This update for apache2 fixes the following issues: CVE-2019-0211: A flaw in the Apache HTTP Server allowed less-privileged child processes or threads to execute arbitrary code with the privileges of the parent process. Attackers with control over CGI scripts or extension modules run by the serve...

Apache HTTP Server File Upload Privilege Escalation (CVE-2019-0211)

A privilege escalation vulnerability exists in Apache HTTP Server. A remote attacker may exploit this vulnerability to execute arbitrary code with administrator privileges...

Important: Red Hat Security Advisory: httpd24-httpd and httpd24-mod_auth_mellon security update

An update for httpd24-httpd and httpd24-modauthmellon is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Security update for apache2 (important)

openSUSE Security Update: Security update for apache2 Announcement ID: openSUSE-SU-2019:1190-1 Rating: important References: 1131233 1131237 1131239 1131241 1131245 Cross-References: CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0217 CVE-2019-0220 Affected Products: openSUSE Leap 42.3 An...

Amazon Linux AMI : httpd24 (ALAS-2019-1189)

In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually root by manipulating the scoreboar...

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

ALPINE-CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...