SUSE SLES12 Security Update : apache2 (SUSE-SU-2023:0803-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0803-1 advisory. - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are...

Amazon Linux AMI : httpd24 (ALAS-2023-1711)

The version of httpd24 installed on the remote host is prior to 2.4.56-1.100. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1711 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory...

Ubuntu 16.04 ESM : Apache HTTP Server vulnerability (USN-5942-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5942-2 advisory. USN-5942-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding update for CVE-2023-25690 for Ubuntu 16.04 ESM. Tenable has extract...

Important: httpd

Issue Overview: Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion o...

Important: httpd

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-072)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-072 advisory. There's a null pointer dereference and server-side request forgery flaw in httpd's modproxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2023-115)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-115 advisory. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to cras...

[SECURITY] [DSA 5376-1] apache2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5376-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2023 https://www.debian.org/security/faq -...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-35452)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-35452 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in...

CBL Mariner 2.0 Security Update: httpd / mod_http2 (CVE-2022-37436)

The version of httpd / modhttp2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37436 advisory. - Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be...

CBL Mariner 2.0 Security Update: httpd (CVE-2020-13950)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-13950 advisory. - Apache HTTP Server versions 2.4.41 to 2.4.46 modproxyhttp can be made to crash NULL pointer dereference with...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-30641)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-30641 advisory. - Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...

CBL Mariner 2.0 Security Update: httpd (CVE-2021-26690)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-26690 advisory. - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by modsession can cause...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1525)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: httpd24

Issue Overview: A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. CVE-2006-20001 Inconsistent...

CBL Mariner 2.0 Security Update: httpd (CVE-2019-17567)

The version of httpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-17567 advisory. - Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily...

EulerOS 2.0 SP10 : httpd (EulerOS-SA-2023-1550)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header...

MGASA-2023-0100 Updated apache packages fix security vulnerability

Some modproxy configurations on Apache HTTP Server allow a HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target URL data an...

[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38

The Apache HTTP Server is a powerful, efficient, and extensible web server...

Fedora: Security Advisory for httpd (FEDORA-2023-7d14cdec4a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...