Ubuntu: Security Advisory (USN-6506-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6506-1: Apache HTTP Server vulnerabilities

David Shoon discovered that the Apache HTTP Server modmacro module incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. CVE-2023-31122 Prof. Sven Dietrich, Isa Jafarov, Prof. Heejo Lee, and...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory. David Shoon discovered that the Apache HTTP Server modmacro module incorrectly handled certain memory operations. A remote...

Oracle Linux 9 : httpd / and / mod_http2 (ELSA-2023-6403)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-6403 advisory. - Resolves: 2177753 - CVE-2023-25690 httpd: HTTP request splitting with modrewrite and modproxy modhttp2 Tenable has extracted the preceding description block...

SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:4451-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4451-1 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-433)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-433 advisory. Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker...

Moderate: Red Hat Security Advisory: mod_auth_openidc:2.3 security and bug fix update

An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Apache Airflow Authorization Problem Vulnerability (CNVD-2023-93318)

Apache HTTP Server Buffer Overflow Vulnerability CNVD-2023-93320...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:4431-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4431-1 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122...

ALSA-2023:6940 Moderate: mod_auth_openidc:2.3 security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

SUSE SLES15 Security Update : apache2 (SUSE-SU-2023:4432-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4432-1 advisory. - Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122...

Moderate: mod_auth_openidc:2.3 security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

Fedora: Security Advisory for httpd (FEDORA-2023-3d1bf0ee44)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: mod_auth_openidc security and bug fix update

An update for modauthopenidc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

httpd: mod_proxy_uwsgi HTTP response splitting

An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via modproxyuwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client...

[SECURITY] Fedora 37 Update: httpd-2.4.58-1.fc37

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora 37 : httpd (2023-3d1bf0ee44)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-3d1bf0ee44 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

RHEL 9 : httpd and mod_http2 (RHSA-2023:6403)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6403 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a...

ALSA-2023:6365 Moderate: mod_auth_openidc security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...

Moderate: mod_auth_openidc security and bug fix update

The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: modauthopenidc: Open Redirect in oidcvalidateredirecturl using tab character...