2.4 bug fix and enhancement update

An update is available for module.modmd, module.modhttp2, modhttp2, httpd, modmd, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd package...

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2025-047)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.12.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-047 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError...

SUSE CVE-2024-38476

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

Azure Linux 3.0 Security Update: httpd (CVE-2023-38709)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38709 advisory. - Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to...

Azure Linux 3.0 Security Update: httpd (CVE-2024-40725)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40725 advisory. - A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy...

Azure Linux 3.0 Security Update: httpd (CVE-2024-39884)

The version of httpd installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39884 advisory. - A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based...

CVE-2022-46157

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

Security Bulletin: Vulnerability with Eclipse Jetty, e2fsprogs, dnsjava , Apache Commons IO, Apache HTTP Server and Java SE affect IBM Cloud Object Storage Systems (Dec 2024)

Summary Vulnerability with Eclipse Jetty CVE-2024-9823, CVE-2024-6763, CVE-2024-8184, e2fsprogs CVE-2022-1304 dnsjava CVE-2024-25638, Apache Commons IO. CVE-2024-47554 , Apache HTTP ServerCVE-2024-40725 and Java SE CVE-2024-21217,CVE-2024-21235, CVE-2024-21210. This vulnerability has been address...

Exploit for Path Traversal in Apache Http_Server

SSH Key and RCE PoC for CVE-2021-41773 This repository contai...

Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By sending a...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38477) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in modproxy. By...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38474) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38475) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs ...

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to server-side request forgery CVE-2024-39573

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a specially...

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-39573) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a...

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to execute arbitrary code on the system CVE-2024-38474

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of their networking implementation Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution...