RHEL 9 : mod_http2 (RHSA-2024:2368)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2368 advisory. The modhttp2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd:...

USN-6729-3: Apache HTTP Server vulnerabilities

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue ...

Ubuntu 24.04 LTS. : Apache HTTP Server vulnerabilities (USN-6729-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the...

Fedora 40 : httpd (2024-937be154d8)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-937be154d8 advisory. This update includes httpd version 2.4.59, fixing various security issues and bugs. See https://downloads.apache.org/httpd/CHANGES2.4.59 for complet...

ROS-20240425-01

Vulnerability of Apache HTTP Server web server in the part of HTTP/2 protocol implementation is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. CONTINUATION frames. Exploitation of the vulnerability could allow an...

ROS-20240423-01

Apache HTTP Server vulnerability is related to blocking HTTP/2 connection processing if it was opened with 0 initial sliding window size. was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of servic...

Oracle HTTP Server (April 2024 CPU)

The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: Plugins BSAFE Crypto-J. Supported versions that are affected are...

USN-6729-2: Apache HTTP Server vulnerabilities

USN-6729-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly...

Apache 2.4.x < 2.4.54 Authentication Bypass

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an authentication bypass vulnerability as referenced in the 2.4.54 advisory. - X-Forwarded-For dropped by hop-by-hop mechanism in modproxy: Apache HTTP Server 2.4.53 and earlier may not send...

Apache 2.4.x < 2.4.54 Multiple Vulnerabilities (mod_lua)

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.54 advisory. - Denial of service in modlua r:parsebody: In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that...

Apache 2.4.x < 2.4.54 Out-Of-Bounds Read (CVE-2022-28330)

The version of Apache httpd installed on the remote host is prior to 2.4.54. It is, therefore, affected by an out-of-bounds read vulnerability as referenced in the 2.4.54 advisory. - Read beyond bounds in modisapi: Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when...

Apache 2.4.x < 2.4.58 Out-of-Bounds Read (CVE-2023-31122)

The version of Apache httpd installed on the remote host is prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.58 advisory. - modmacro buffer over-read: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server. This issue affects Apache HTTP...

Debian dsa-5662 : apache2 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 - Faulty input...

USN-6729-1: Apache HTTP Server vulnerabilities

Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. CVE-2023-38709 Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validatin...

Important: httpd:2.4/mod_http2 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modhttp2: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Apache HTTP Server vulnerabilities (USN-6729-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-1 advisory. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use...

Vulnerabilities fixed in Apache HTTP Server

Apache has fixed vulnerabilities in Apache HTTP Server. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Apache has released updates to fix the vulnerabilities in Apache server 2.4.59...

Apache HTTP Server Response Splitting Vulnerability (CNVD-2024-36394)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a response splitting vulnerability that can be exploited by an attacker to inject arbitrary HTTP...

Apache HTTP Server Input Validation Error Vulnerability (CNVD-2024-36395)

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server version 2.4.58 and earlier versions, which can be exploited t...

Apache HTTP Server Resource Management Error Vulnerability

Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A resource management error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause memory...