Rocky Linux 8 : httpd:2.4 (RLSA-2022:1049)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1049 advisory. - Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:7647)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7647 advisory. - A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Serve...

ALSA-2023:6403 Moderate: httpd and mod_http2 security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.57. BZ2184403 Security Fixes: httpd: modproxyuwsgi HTTP response splitting CVE-2023-27522 For more details about th...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:0258)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0258 advisory. - A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not...

Fedora 39 : httpd (2023-606f830772)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-606f830772 advisory. New version 2.4.58 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:3816)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3816 advisory. - In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow CVE-2021-26691 -...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:1915)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1915 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this...

Rocky Linux 8 : httpd:2.4 (RLSA-2020:4751)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4751 advisory. - In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:4257)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4257 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause a NULL pointer dereference and crash,...

Rocky Linux 8 : httpd:2.4 (RLSA-2021:1809)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1809 advisory. - In Apache HTTP Server 2.4 release 2.4.37 and prior, modsession checks the session expiry time before decoding the session. This causes session expiry...

Rocky Linux 8 : httpd:2.4 (RLSA-2022:0891)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0891 advisory. - Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. CVE-2021-34798 -...

Fedora: Security Advisory (FEDORA-2023-606f830772)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: httpd24

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

BIT-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern.This has been fixed in...

F5 Networks BIG-IP : Apache HTTP server vulnerability (K000132643)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000132643 advisory. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in modproxyajp ...

Amazon Linux 2 : httpd (ALAS-2023-2322)

The version of httpd installed on the remote host is prior to 2.4.58-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2322 advisory. Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

Security Bulletin: IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6.3 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID: CVE-2023-35887 DESCRIPTION: Apache MINA SSHD could allow a remote authenticated attacker to obtain sensitive information, caused by improper...

CVE-2023-1713

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...

Code injection

Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...

CVE-2023-1713

CVE-2023-1713 affects Bitrix24 22.0.300. The vulnerability is in insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php, which allows remote authenticated attackers to execute arbitrary code by uploading a crafted “.htaccess” file. The issue impacts web server execu...