5762 matches found

OSV
added 2017/07/27 4:41 p.m. | 3 views

USN-3370-1 apache2 vulnerability

Robert Święcki discovered that the Apache HTTP Server mod_auth_digest module incorrectly cleared values when processing certain requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly obtain sensitive information...

CVSS 9.1 | AI score 6.8 | EPSS 0.5677
Exploits 0 | References 2
UbuntuCve
added 2017/07/26 9:29 p.m. | 43 views

CVE-2017-7659

A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process...

CVSS 7.5 | AI score 6.8 | EPSS 0.53939
Exploits 0 | References 2
CVE
added 2017/07/26 9:0 p.m. | 624 views

CVE-2017-7659

The CVE-2017-7659 issue affects the Apache HTTP Server (mod_http2) where a malicious HTTP/2 request could dereference a NULL pointer and crash the server process. Concrete details across connected docs show this vulnerability in Apache httpd before a fixed release (2.4.26) and are addressed by va...

CVSS 7.5 | AI score 8.2 | EPSS 0.53939
Exploits 0 | References 24 | Affected Software 1
RedHat Linux
added 2017/07/25 4:44 p.m. | 98 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 1 security update

An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 9.8 | AI score 7.4 | EPSS 0.8904
Exploits 9 | References 14
Fedora
added 2017/07/19 1:49 a.m. | 51 views

[SECURITY] Fedora 24 Update: php-5.6.31-1.fc24

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CVSS 9.8 | AI score 0.4 | EPSS 0.07511
Exploits 5
OpenVAS
added 2017/07/17 12:0 a.m. | 50 views

Apache HTTP Server 'mod_auth_digest' Multiple Vulnerabilities - Linux

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:http_server";...

CVSS 9.1 | AI score 9.5 | EPSS 0.5677
Exploits 0 | References 4
OpenVAS
added 2017/07/17 12:0 a.m. | 42 views

Apache HTTP Server 'mod_http2' Denial-Of-Service Vulnerability - Linux

Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 7.5 | AI score 7.6 | EPSS 0.09507
Exploits 0 | References 4
OpenVAS
added 2017/07/17 12:0 a.m. | 181 views

Apache HTTP Server 'mod_auth_digest' Multiple Vulnerabilities - Windows

Apache HTTP Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:http_server";...

CVSS 9.1 | AI score 9.5 | EPSS 0.5677
Exploits 0 | References 4
Fedora
added 2017/07/15 7:56 p.m. | 51 views

[SECURITY] Fedora 25 Update: httpd-2.4.27-2.fc25

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 9.8 | AI score 1.1 | EPSS 0.57472
Exploits 4
OpenVAS
added 2017/07/14 12:0 a.m. | 54 views

CentOS Update for httpd CESA-2017:1721 centos6

Check the version of httpd. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882751");...

CVSS 7.5 | AI score 6.2 | EPSS 0.13252
Exploits 0 | References 2
OSV
added 2017/07/13 4:29 p.m. | 3 views

ALPINE-CVE-2017-9789

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour...

CVSS 7.5 | AI score 7.2 | EPSS 0.09507
Exploits 0 | References 1
Tenable Nessus
added 2017/07/13 12:0 a.m. | 146 views

Virtuozzo 7 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-0906)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 | AI score 6.5 | EPSS 0.49024
Exploits 4 | References 6
Cent OS
added 2017/07/12 5:44 p.m. | 229 views

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2017:1721. An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.5 | AI score 6.5 | EPSS 0.13252
Exploits 0 | References 7
OpenVAS
added 2017/07/12 12:0 a.m. | 63 views

RedHat Update for httpd RHSA-2017:1721-01

The remote host is missing an update for the... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 7.5 | AI score 7.4 | EPSS 0.13252
Exploits 0 | References 2
Hacker One
added 2017/07/11 12:24 a.m. | 31 views

Concrete CMS: Stored XSS vulnerability in RSS Feeds Description field

Intro "Pirates of the Crayons" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. b54f2b451f0a0804699c4cf9f0b3a8fef0e407db July 10th Summary There is Stored XSS vulnerability in RSS Feeds Description property. Value of the textarea is not...

AI score 6.3
Exploits 0
Oracle linux
added 2017/07/11 12:0 a.m. | 136 views

httpd security and bug fix update

2.2.15-60.0.1.4
- replace index.html with Oracle's index page oracleindex.html
- update vstring in specfile
2.2.15-60.4
- Related: 1427675 - CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
2.2.15-60.3
- Resolves: 1463205 - CVE-2017-7668 httpd: ap_find_token buffer overread...

CVSS 7.5 | AI score 1.3 | EPSS 0.57472
Exploits 1
Fedora
added 2017/07/07 11:20 p.m. | 52 views

[SECURITY] Fedora 26 Update: httpd-2.4.26-1.fc26

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 9.8 | AI score 1.1 | EPSS 0.57472
Exploits 4
Hacker One
added 2017/06/29 5:41 p.m. | 337 views

Internet Bug Bounty: Apache HTTP Request Parsing Whitespace Defects

Apache HTTP Server, prior to release 2.4.25, accepted a broad pattern of unusual whitespace patterns from the user-agent, including bare CR, FF, VTAB in parsing the request line and request header lines, as well as HTAB in parsing the request line. Any bare CR present in request lines was treated...

CVSS 7.5 | AI score 6.7 | EPSS 0.73327
Exploits 5
Ubuntu
added 2017/06/26 5:14 p.m. | 193 views

USN-3340-1: Apache HTTP Server vulnerabilities

Emmanuel Dreyfus discovered that third-party modules using the ap_get_basic_auth_pw function outside of the authentication phase may lead to authentication requirements being bypassed. This update adds a new ap_get_basic_auth_components function for use by third-party modules. (CVE-2017-3167) Vasileios...

CVSS 9.8 | AI score 7.1 | EPSS 0.57472
Exploits 4
OpenVAS
added 2017/06/21 12:0 a.m. | 40 views

Apache HTTP Server 'mod_http2' null pointer dereference DoS Vulnerability - Windows

Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 7.5 | AI score 8.4 | EPSS 0.53939
Exploits 0 | References 3